stonecolddevin has asked for the wisdom of the Perl Monks concerning the following question:

Hey gang,

I've been thinking about this for a few days. I find that I'll get an idea for code in my head, but not always be in a good spot (e.g. have the correct software to edit/upload new files to the webserver) to test it out. I've turned it over in my head, and I know many sites have some sort of online code editor that allows you to open up files and edit them, thus giving me a central location for code storage and editing when need be.

I know Google now has http://code.google.com that allows you to create a project, release versions, track bugs, check out code, etc. However, from what I can tell, it doesn't have any central editor that would allow me or anyone else in my situation to edit code from anywhere.

My REAL question is, what kind of security issues would this raise? I don't think I'd have any problem finding, or even writing a simple file editing system on my own, however I want to make sure that only privileged users can edit the code without raising huge security risks that could potentially mess up the whole project.

Obviously, backups would be made, file "drafts" could be imposed, and final revisions would not be published without an authorized go ahead (for this code editor, at least). Regardless, there are some large security issues anytime you allow files to be remotely edited.

Thoughts?

UPDATE: Am I being too paranoid? I know paranoia and programming make a good pair, but there's obviously a point where too much paranoia is just a waste of time and can even lead to bigger problems (ie: being so engulfed in the little things one forgets to take a look at the big picture and say, forgets to make that last check at the code to make sure use CGI::Carp qw[fatalsToBrowser]; is commented out.)...

meh.

Replies are listed 'Best First'.
Re: Security of website code editor?
by Fletch (Bishop) on Sep 03, 2006 at 23:07 UTC

    It doesn't have an editor because they provide a Subversion repository for you to store your code. You check out a copy (over SSL, authenticating with your password) to your local machine and make changes however you want. When you're ready to commit changes, they get pushed back to the SVN repository (again over SSL authenticating itself).

    There's no editor because it's outside the scope of what they're providing. Not to mention editing code in a browser's going to be bletcherous and painful compared to what you can do outside of one (I mean even vim would look good . . . :).

      I realize that, the whole point of me posting this is to be able to access and edit my code remotely WITHOUT having the appropriate software on the computer.

      Bletcherous, disgusting, unworthy of being looked upon, yes, but I need something for when I'm away from a suitable computer.

      meh.
        In that case, you can perhaps have a look at the various forms of web-based Office style programs. A good summary of what is available can be found here.

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

        That's what USB keyfob drives are for. Put a copy of your favourite development environment on it and you're set. Between that and a business card sized Linux CD of your favourite flavour you'll be good to go pretty much anywhere.

        And you could set up an SSH Java applet somewhere for that small percentage of boxen you wouldn't be able to use that on.

Re: Security of website code editor?
by CountZero (Bishop) on Sep 03, 2006 at 19:15 UTC
    What's wrong with plain old "username & password" to secure access to your code?

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

      Most likely nothing, and I believe I even have an SSL option. However, we all know passwords can be cracked, and this being my first production site (http://www.timorperfectus.com), I don't really wanna mess anything up.
      meh.
        SSL is certainly a good option: otherwise your passwords travel the internet in plain sight of all to see.

        You can add to the security by only allowing connections from trusted IP-sources; allow passwords only a limited lifetime; have different levels of access; ...

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
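
The three measures listed in the reply above (trusted source addresses, limited password lifetime, different access levels), combined into one deny-by-default check for a web editor's requests. This is an added example, not code from the thread: the networks, the 90-day lifetime, and the role and action names are constructed assumptions, and the username/password check over SSL is assumed to have already succeeded.

```perl
use strict;
use warnings;

# Constructed policy values (assumptions for illustration, not from the thread).
my @TRUSTED_NETS = ('192.0.2.0/24', '198.51.100.17/32');
my $MAX_PW_AGE   = 90 * 24 * 60 * 60;    # password lifetime: 90 days, in seconds
my %LEVEL        = (viewer => 0, editor => 1, publisher => 2);
my %NEEDS        = (view => 'viewer', save_draft => 'editor', publish => 'publisher');

# Dotted-quad IPv4 address to integer; returns undef (scalar context) if malformed.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @o = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @o;
    return $o[0] << 24 | $o[1] << 16 | $o[2] << 8 | $o[3];
}

# True if the address falls inside any trusted CIDR block.
sub ip_is_trusted {
    my ($ip) = @_;
    my $addr = ip_to_int($ip);
    return 0 unless defined $addr;
    for my $net (@TRUSTED_NETS) {
        my ($base, $bits) = split m{/}, $net;
        my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return 1 if ($addr & $mask) == (ip_to_int($base) & $mask);
    }
    return 0;
}

# Returns (1, 'ok') or (0, reason). Every check must pass; unknown input is denied.
sub authorize {
    my ($user, $action, $remote_ip, $now) = @_;
    my $need = $NEEDS{$action};
    return (0, 'unknown action')   unless defined $need;
    return (0, 'untrusted source') unless ip_is_trusted($remote_ip);
    return (0, 'password expired') if $now - $user->{pw_changed} > $MAX_PW_AGE;
    return (0, 'insufficient level')
        unless ($LEVEL{ $user->{role} } // -1) >= $LEVEL{$need};
    return (1, 'ok');
}

my $now   = time;
my %alice = (role => 'editor', pw_changed => $now - 10 * 86400);    # constructed user
for my $case (['save_draft', '192.0.2.44'], ['publish', '192.0.2.44'], ['save_draft', '203.0.113.9']) {
    my ($ok, $why) = authorize(\%alice, @$case, $now);
    printf "%-10s from %-12s => %s (%s)\n", @$case, ($ok ? 'allow' : 'deny'), $why;
}
```

Logging each denied reason alongside the username and source address gives the site owner a record of who tried to edit from where.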