You are not logged in.
Pages: 1
Hi,
I just downloaded and installed xinha according to the NewbieGuide at http://trac.xinha.org/wiki/NewbieGuide. When I load my test page (test.html), I see a rectangle and I can type there, but the Xinha menu bar does not appear. It is as if the apache2 server is reading the <textarea> syntax, but not accessing the java. I am testing this on my own linux SuSE 11 server running apache2.
I extracted the tar file to /server/www/xinha and my server root is /server/www/htdocs. I assume that the xinha directory should not be under the website root. Is that correct? Should it have been placed under my cgi-bin directory?
Do I need to set permisions on the xinha directory? If so, to what? Do I also need to alter permissions on files within this directory and subdirectories? If so, to what?
Do I need to alter my apache2 configuration? ... to make it aware of the directory? ... to allow java?
Thanks
Joe
Offline
PS,
I get the same results (no menubar and just a textarea rectangle) with firefox, konqueror and Opera.
My xinha version is 0.95 stable downloaded 6/30/2009
Offline
Note, I am testing this from a test server accessible from the local network, not the internet.
I tried using the Firefox Live HTTP headers plugin and saw two things.
First, I was giving the full path to XinhaCore.js and my_config.js. In other words, I listed the full path as I understood the newbie guide suggested. This would be from the server root, as in /server/www/xinha/XinhaCore.js. (/server is a directory off the root)
HTTP Headers indicated that it was appending the full path to http://localhost/ as in http://localhost/server/www/xinha/XinhaCore.js. Well that would be wrong, since the web site root is /server/www/htdocs/, and the xinha directory is /server/www/xinha/. Given that I have included a directory directive in my apache2 configuration file for the xinha directory (/server/www/xinha), it should work if I list the xinha directory as /xinha/ and the full path to XinhaCor.js as /xinha/XinhaCore.js and to my_config.js as /xinha/my_config.js.
Second, after doing this HTTP Headers indicates that it is looking for XinhaCore.js in http://localhost/xinha/XinhaCore.js as it should, however, it also indicates this to be forbidden (HTTP/1.x 403 Forbidden). OK, so it is a permissions issue. I discovered that the js files were not executable and changed permissions to make them executable. They are now set for executable for user, group and all. Unfortunately, Live HTTP Headers still indicates that these .js files are Forbidden. Could I have some apache setting wrong? Here is my apache2 directive:
ScriptAlias /xinha/ "/server/www/xinha"
<Directory "/server/www/xinha/">
Options +ExecCGI +Includes
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
Offline
Is this a Security Flaw?
OK, now I tried putting the xinha directory into my web root (/server/www/htdocs/xinha/). Now the example pages show the icons, although when I click on Submit in the ExtendedDemo page, it does not actually save my changes. I suppose that is because it is not actually saving to a database, which of course a generic demo would not be able to do because it would be unaware of any DataBase Management System on my machine.
Is this not a security flaw? If the xinha directory is under my root, is this not a security flaw? Or is it safe as long as the directory is not writable? I did notice that files in this directory are downloadable.
Thanks,
Joe
Offline
Ray
OK, so i guess it is appropriate (not considered a security flaw to put the Xinha directory under the web server root.
Thanks
Joe
Offline
Pages: 1