[Typo3-dev] LPE-some ideas
Sebastian Kurfuerst
sebastian at garbage-group.de
Sun Feb 22 13:10:58 CET 2004
Hello,
I had some thoughts about a LPE because I will need it in a project and
so I made a concept for me how to do it. I try to explain my thoughts to
you because I hope you can make comments what's missing, what's good and
maybe you want to help implementing it because I think it's a lot of work.
OK, then start:
I will use the term "Client" for the computer where the BE user is
editing the content, and the term "Server" for the computer which will
present the website to the clients because I don't know which part is
called Live and which Production.
Anyways I think you agree that a LPE has three parts: The client part,
the transport layer (between the client and the server) and the server part.
Now some general stuff:
**Client**
In the pagetree, there needs to be a new symbol which shows if the page
on the client
a) doesn't exist,
b) is in a different version,
c) is current
compared to the server pagetree.
I think it is sufficent to create a new button on the pages: "Publish"
and "Publish with subpages". Also there needs to be a new section where
you can delete pages on the server which are deleted on the client, too.
Maybe there should be a popup when deleting a page if the deletion
should be also done on the server immediately or later.
There needs to be a new field in tt_content where the PID of the
corresponding server page is stored. I don't know if we need that for
records too.
?? Do we need a field where the server id of the records is stored?
**Transport Layer**
I think it is needed to encrypt the communication between the client and
the server because if there is no encryption, everybody with a little
knowledge can inject pages on the server and hijack the server. There
are two types of encryption: Public-key and shared-key encryption. I
don't have any knowledge how to do public key encryption, so I thought
of a shared-key encription.
The problem of a shared key is that the client and the server need the
same key. To make the shared-key encription as secure as possible, it is
good to use a kind of one-time-pad, so there is a new key every
transmission.
That leads us to the next problem: how to make sure to generate a new
key similar on both systems. Because I didn't know how to do it, I
wanted to generate the key on the client and the key is then sent to the
server. I think this needs a little more explanation, so I show you a
(possible) communication between the client and the server.
C: Generation of a random number of new one-time keys and insert them
into the database keylist.
C: Creating an array with the data in it and all the newly generated keys.
C: Serialize that array and save the checksum of it into $checksum_A.
C: Encrypt that serialized array with some encription algorithm and
delete the used key out of the database.
C: Send the string to the server.
S: Get the next key out of the key database table and delete it.
S: Decrypt the string, make a checksum of the string into $checksum_B
and unserialize it.
S: Insert the new keys into the database table.
S: Do the action requested by the client.
S: Encrypt the returned values and the checksum $checksum_B.
S: Send them to the client.
C: Decrypt the data and check if $checksum_A == $checksum_B.
If unsuccessfull, resend the data.
Maybe the checksum of the "answer" should also be sent to the server
again to make sure the communication was successfull.
I hope this explains what I wanted to say.
?? Is it a good idea to use public-key encription=?
?? Which encripiton algorithm to use?
?? Should the checksum of the answer be sent back to the server to make
sure the transmission was successful or isn't that necessary?
**Server**
The server is a kind of "stupid", so it just does what the client tells
him and the logic which data shall be transmitted will be on the client.
**Database Tables**
-for the caching of the server checksums of the pages to see which pages
are current, altered, new,...
-exclusion table, to make sure that not all the records are transmitted
(like be-users)
On later versions, it could be possible to make a sync between the
server and the client, but I don't know if it makes any sense. What do
you think?
**Sync**
Synchronization should not be so difficult.
At first, we will get the MD5 checksums of the content elements on the
server, then we will run a kind of diff and then the upload starts. At
the end, the checksums will be checked again to make sure the
transmission was successful.
The problem is how to transmit data on the file system. Do you have any
thoughts how to deal with that effectively?
Yeah, that are my ideas. What do you think of them? Do you have things
to make better, things you would change completely? Do you think this
could be useful to you, too?
I hope you understood me, I'm no native speaker.
Sebastian
More information about the TYPO3-dev
mailing list