Talk:Mod Murmur

From Mumble Wiki
Revision as of 17:30, 25 July 2011 by Mrsdonovan (talk | contribs) (signed)
Jump to: navigation, search

Using the "Direct" Method

While the idea of having separate documentation for the channel viewer protocol is good, I do not think the mislabeled "direct" approach should be mentioned here. It is a very ugly hack depending on exposing the server's database file to the world, thus providing neither current information nor any kind of security. If you want to retrieve server information, use the Ice interface together with one of the CVP providers, or make solid proposals towards an alternative as has already been discussed. Ngollan 09:13, 25 July 2011 (UTC)

Having looked at the code and used the plugin, I thought it was very elegant. Did you look at the code very closely? It hardly "exposes the server's database file to the world" and gives the web surfer exactly what they came for, a list of who is on the server and in what channel. I fail to see your point "thus providing neither current information"?? As to your point "nor any kind of security", as if putting the plain-text ICE password in an ini file is great security. My host, Dreamhost who hosts hundreds of thousands of websites, seems fit to give all it's users access to the SQLite3 PHP library by default but not to ZeroC ICE, which should tell you something about how secure ICE is. Also, using SQLite3 to access the Murmur database directly from a PHP file is no less secure then using PHP file to access MySQL, the databases are just in different places. Mod_Murmur is as safe as using ICE and if Mumble developers were worried about their database, they would password protect it, but it isn't. The point here is that those without access to ICE have no method by which to get channel information out of Mumble and it is a critical problem. The entry here I spent considerable time writing, documents the various options available to create a channel viewer and should be left alone, even if you don't agree with the method. Mrsdonovan 15:40, 25 July 2011 (UTC)
Direct reading and/or writing the database is unsupported and there is no guarantee that it will work in the future. We don't want anyone to promote that. Also putting the database on a public webserver is a very bad idea, it contains private SSL keys, user/channel passwords, etc. (Parsing the server log is also slow...) PCGod 16:11, 25 July 2011 (UTC)
Yes that's why the "Direct" method is "unofficial" and it up to the script writer to keep it updated. Is any method that doesn't use ICE forever banned even if they are simpler and easier to actually get working? Why did the Mumble developers use an open standard like SQLite3 to create the database if they didn't want people writing scripts against it? As for putting the database on a public webserver, the SQL database is in a directory not accessible to the general public, so the security issue isn't one. For example my murmur server is "/home/<username>/murmur" and my mod_murmur script is "/home/<username>/website.com/mod_murmur.php" - The database can't be downloaded. Unless Mumble developers password protect the SQLite database, then using a PHP script to access it can hardly be "forbidden" Mrsdonovan 17:30, 25 July 2011 (UTC)