You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ofbiz.apache.org by Philip Laing <ph...@ascconsultants.com.au> on 2007/10/09 06:22:49 UTC
Setup with more than one computer - Security and Apache for a web server
Thanks Mike
That is exactly what I was looking for but I didn't quite know how to word
it.
I have slightly changed the subject to fit more closely to where the thread
might be heading
Thanks for the input from everyone; I have been able to glean that:
1. IP Addresses are not an issues with OFBiz's various components talking to
one another, ports and configuration of OFBiz's framework files are the
important areas to consider
2. It is possible to split OFBiz into 2-3 x nodes/servers during
installation
Half the challenge with setting up solutions such as OFBiz is know how it
thinks and what it needs to communicate between the various engines.
The reason I am interested is that I has a bad experience with Compiere.
During development I had left port 80 open through my firewall to single
computer installation and had the web server (Tomcat) hacked into and
broken. So I am very conscious of security and I am wondered if I could
split the web server and place in DMZ with the rest of OZBiz safely sitting
behind my firewall. If they break the web server it won't be as big an
issue to fix or protect the dbase and other parts from being compromised by
ID thieves looking credit card and other ID details
Thanks again for your input
Philip Laing Dip. Sys Admin IT
ASC Consultants
33 Vendul Crescent
Port Macquarie NSW 2444
Phone: 61 2 6582 7147
Mobile : 0411827147
Web Page: www.ascconsultants.com.au
Email: philip.laing@ascconsultants.com.au
> -----Original Message-----
> From: Mike Wong [mailto:mike.ym.wong@finepoint.com.hk]
> Sent: Tuesday, 9 October 2007 1:47 PM
> To: user@ofbiz.apache.org
> Subject: RE: Setup with more than one computer
>
> Philip,
>
> You can deploy something like this
>
> Computer-1 running httpd with mod_jk
> Computer-2 running ofbiz with only mod_jk port open
> Computer-3 running DB
>
> Doing so you have to change some configurations in the url.properties file
> and find some way to sync all your static files to the httpd doc root.
>
> Mike
>
> -----Original Message-----
> From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> Sent: Monday, October 08, 2007 14:35
> To: user@ofbiz.apache.org
> Subject: RE: Setup with more than one computer
>
>
> Thanks Skip
>
> Exactly what I needed thanks for that ... now can I install over 3
> computers?
>
> Computer-1 webserver
> Computer-2 application server
> Computer-3 database
>
> Thanks again ... I really appreciate your input
>
> Phil
>
>
> > -----Original Message-----
> > From: skip@theDevers [mailto:skip@thedevers.org]
> > Sent: Monday, 8 October 2007 2:55 PM
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> > Philip
> >
> > What you wanna do is pretty easy. Have a look at entityengine.xml in
> > framework/entity/config.
> >
> > Look toward the bottom till you find the database type you use, say
> > "localpostgres". Clone this and call it something else, then change
> where
> > the jdbc driver looks. For example, its currently set to
> > jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz".
> >
> > You make a new one maybe like this:
> > "jdbc:postgresql://192.168.1.100/ofbiz".
> >
> > The database server can be anywhere you want.
> >
> > Check this out:
> >
> http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Se
> > tu
> > p+Guide
> >
> > Here is another link:
> >
> > http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf
> >
> > Skip
> >
> > -----Original Message-----
> > From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> > Sent: Sunday, October 07, 2007 8:50 PM
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> >
> > Hi BJ
> >
> > No ... not 2 instances ... just break up the installation over 2
> computers
> > i.e. 1st computer with dbase installed and 2nd computer with application
> > installed
> >
> > cheers
> >
> > Web Page: www.ascconsultants.com.au
> > Email: philip.laing@ascconsultants.com.au
> >
> > > -----Original Message-----
> > > From: BJ Freeman [mailto:bjfree@free-man.net]
> > > Sent: Monday, 8 October 2007 10:51 AM
> > > To: user@ofbiz.apache.org
> > > Subject: Re: Setup with more than one computer
> > >
> > > Clarification:
> > > it looks like you want to run two instances of ofbiz
> > > to the same DB.
> > > this takes extra configuration.
> > >
> > > FYI the apps use the web server
> > > I think you are referring the Ecommerce side
> > >
> > > not sure why you want to use two instances, since the backend (apps)
> is
> > > ssl and 8443.
> > > you can block that port through the fire wall if you only want intra
> lan
> > > communications.
> > >
> > > i run all behind a firewall, and both the http and https on the
> internet
> > > using a firewall for ports 80 and 8443.
> > > so the DB is protected.
> > > I believe you can route intra lan usage through a firewall for port
> 8443
> > > (apps)
> > >
> > >
> > > Philip Laing sent the following on 10/7/2007 4:19 PM:
> > > > Hi Fellas
> > > >
> > > > The network topology I would like OFBiz setup is using more than one
> > > > computer using the following options:
> > > > 1. Application Server + Dbase
> > > > 2. Web Server + Application Server + Dbase
> > > >
> > > > Now . I would feel confident setting up:
> > > >
> > > > Option 1. (Apps + Dbase) I will be placing the Apps and Dbase
> between
> > a
> > > > firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase-
> > > (192.168.2.100/24)
> > > >
> > > > Option 2. (Web Server+ Apps + Dbase) Web Server-(192.168.1.100/24) >
> > > > Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24)
> > > >
> > > > Notice the IP Addresses and different subnet masks. The question
> is:
> > > OFBiz
> > > > should be able to talk to the *dbase*, *webserver* and or
> *application
> > > > server* though ports only - Not relying on the same IP addressing?
> In
> > > other
> > > > words, rather than relying on TCP/IP to transfer information to each
> > > node
> > > > ... or do I need to route the disparate IP addressing so that each
> > node
> > > can
> > > > see each other through IP addressing
> > > >
> > > > Thanks in advance
> > > >
> > > >
> > > > Phil
> > > >
> > > >
> > > >
> > > >
> > > >
>
Re: Question
Posted by Scott Gray <le...@gmail.com>.
The relation title is usually only used if there if more than one
relationship to a particular entity, for example an entity might have two
relationships with the Party entity like FromParty and ToParty with From/To
being the title and Party being the rel-entity-name.
In a lot of cases there is no title so you just use the entity name, such as
in your case below.
Regards
Scott
On 09/10/2007, skip@theDevers <sk...@thedevers.org> wrote:
>
>
>
> I have this bit of code:
>
> GenericValue payment = delegator.findByPrimaryKey("Payment",
> UtilMisc.toMap("paymentId", paymentId));
> ...
> GenericValue paymentMethod =
> payment.getRelatedOne("PaymentMethod");
>
> The javadoc for getRelatedOne sez:
>
> Parameters:
> relationName - String containing the relation name which is the
> combination of relation.title and relation.rel-entity-name as specified in
> the entity XML definition file.
>
> I did not quite understand this statement as it does not seem to make
> sense
> in this context. Is this parameter a concatination of "Payment" and
> "Method" where Payment is the relation.title and Method is the
> relation.rel-entity-name?
>
> I kinda dont think so. I looked in the entitydef file containg Payment
> and
> found this:
>
> <relation type="one" fk-name="PAYMENT_PMETH"
> rel-entity-name="PaymentMethod">
> <key-map field-name="paymentMethodId"/>
> </relation>
>
> So, I am assuming that this particular getRelatedOne call is going to open
> the PaymentMethod entity and find the related "paymentMethodId" record.
>
> Is this correct?
>
> Also, if I see a yyy.getRelatedOne(xxx), can I assume that xxx is the
> entity
> name to look in and xxxId is the key name in xxx always?
>
> Thanks
>
> Skip
>
>
>
RE: Setup with more than one computer - Security and Apache for a web server
Posted by Philip Laing <ph...@ascconsultants.com.au>.
Skip
As I had a NAT firewall I am not sure. When Compiere is first loaded a
default web screen is open where access to many areas are gained through
password protection ... It may have been a password crack ... all I know is
that someone had comprimised the computer where Compiere was loaded and
changed compieres files
cheers
> -----Original Message-----
> From: skip@theDevers [mailto:skip@thedevers.org]
> Sent: Tuesday, 9 October 2007 2:36 PM
> To: user@ofbiz.apache.org
> Subject: RE: Setup with more than one computer - Security and Apache for a
> web server
>
> Philip
>
> I for one would be interested in knowing how they hacked port 80 if you
> know.
>
> Skip
>
> -----Original Message-----
> From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> Sent: Monday, October 08, 2007 9:23 PM
> To: user@ofbiz.apache.org
> Subject: Setup with more than one computer - Security and Apache for a
> web server
>
>
> Thanks Mike
>
> That is exactly what I was looking for but I didn't quite know how to word
> it.
>
> I have slightly changed the subject to fit more closely to where the
> thread
> might be heading
>
> Thanks for the input from everyone; I have been able to glean that:
>
> 1. IP Addresses are not an issues with OFBiz's various components talking
> to
> one another, ports and configuration of OFBiz's framework files are the
> important areas to consider
> 2. It is possible to split OFBiz into 2-3 x nodes/servers during
> installation
>
> Half the challenge with setting up solutions such as OFBiz is know how it
> thinks and what it needs to communicate between the various engines.
>
> The reason I am interested is that I has a bad experience with Compiere.
> During development I had left port 80 open through my firewall to single
> computer installation and had the web server (Tomcat) hacked into and
> broken. So I am very conscious of security and I am wondered if I could
> split the web server and place in DMZ with the rest of OZBiz safely
> sitting
> behind my firewall. If they break the web server it won't be as big an
> issue to fix or protect the dbase and other parts from being compromised
> by
> ID thieves looking credit card and other ID details
>
> Thanks again for your input
>
> Philip Laing Dip. Sys Admin IT
> ASC Consultants
> 33 Vendul Crescent
> Port Macquarie NSW 2444
>
> Phone: 61 2 6582 7147
> Mobile : 0411827147
>
> Web Page: www.ascconsultants.com.au
> Email: philip.laing@ascconsultants.com.au
>
> > -----Original Message-----
> > From: Mike Wong [mailto:mike.ym.wong@finepoint.com.hk]
> > Sent: Tuesday, 9 October 2007 1:47 PM
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> > Philip,
> >
> > You can deploy something like this
> >
> > Computer-1 running httpd with mod_jk
> > Computer-2 running ofbiz with only mod_jk port open
> > Computer-3 running DB
> >
> > Doing so you have to change some configurations in the url.properties
> file
> > and find some way to sync all your static files to the httpd doc root.
> >
> > Mike
> >
> > -----Original Message-----
> > From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> > Sent: Monday, October 08, 2007 14:35
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> >
> > Thanks Skip
> >
> > Exactly what I needed thanks for that ... now can I install over 3
> > computers?
> >
> > Computer-1 webserver
> > Computer-2 application server
> > Computer-3 database
> >
> > Thanks again ... I really appreciate your input
> >
> > Phil
> >
> >
> > > -----Original Message-----
> > > From: skip@theDevers [mailto:skip@thedevers.org]
> > > Sent: Monday, 8 October 2007 2:55 PM
> > > To: user@ofbiz.apache.org
> > > Subject: RE: Setup with more than one computer
> > >
> > > Philip
> > >
> > > What you wanna do is pretty easy. Have a look at entityengine.xml in
> > > framework/entity/config.
> > >
> > > Look toward the bottom till you find the database type you use, say
> > > "localpostgres". Clone this and call it something else, then change
> > where
> > > the jdbc driver looks. For example, its currently set to
> > > jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz".
> > >
> > > You make a new one maybe like this:
> > > "jdbc:postgresql://192.168.1.100/ofbiz".
> > >
> > > The database server can be anywhere you want.
> > >
> > > Check this out:
> > >
> >
> http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Se
> > > tu
> > > p+Guide
> > >
> > > Here is another link:
> > >
> > > http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf
> > >
> > > Skip
> > >
> > > -----Original Message-----
> > > From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> > > Sent: Sunday, October 07, 2007 8:50 PM
> > > To: user@ofbiz.apache.org
> > > Subject: RE: Setup with more than one computer
> > >
> > >
> > > Hi BJ
> > >
> > > No ... not 2 instances ... just break up the installation over 2
> > computers
> > > i.e. 1st computer with dbase installed and 2nd computer with
> application
> > > installed
> > >
> > > cheers
> > >
> > > Web Page: www.ascconsultants.com.au
> > > Email: philip.laing@ascconsultants.com.au
> > >
> > > > -----Original Message-----
> > > > From: BJ Freeman [mailto:bjfree@free-man.net]
> > > > Sent: Monday, 8 October 2007 10:51 AM
> > > > To: user@ofbiz.apache.org
> > > > Subject: Re: Setup with more than one computer
> > > >
> > > > Clarification:
> > > > it looks like you want to run two instances of ofbiz
> > > > to the same DB.
> > > > this takes extra configuration.
> > > >
> > > > FYI the apps use the web server
> > > > I think you are referring the Ecommerce side
> > > >
> > > > not sure why you want to use two instances, since the backend (apps)
> > is
> > > > ssl and 8443.
> > > > you can block that port through the fire wall if you only want intra
> > lan
> > > > communications.
> > > >
> > > > i run all behind a firewall, and both the http and https on the
> > internet
> > > > using a firewall for ports 80 and 8443.
> > > > so the DB is protected.
> > > > I believe you can route intra lan usage through a firewall for port
> > 8443
> > > > (apps)
> > > >
> > > >
> > > > Philip Laing sent the following on 10/7/2007 4:19 PM:
> > > > > Hi Fellas
> > > > >
> > > > > The network topology I would like OFBiz setup is using more than
> one
> > > > > computer using the following options:
> > > > > 1. Application Server + Dbase
> > > > > 2. Web Server + Application Server + Dbase
> > > > >
> > > > > Now . I would feel confident setting up:
> > > > >
> > > > > Option 1. (Apps + Dbase) I will be placing the Apps and Dbase
> > between
> > > a
> > > > > firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase-
> > > > (192.168.2.100/24)
> > > > >
> > > > > Option 2. (Web Server+ Apps + Dbase) Web Server-(192.168.1.100/24)
> >
> > > > > Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24)
> > > > >
> > > > > Notice the IP Addresses and different subnet masks. The question
> > is:
> > > > OFBiz
> > > > > should be able to talk to the *dbase*, *webserver* and or
> > *application
> > > > > server* though ports only - Not relying on the same IP addressing?
> > In
> > > > other
> > > > > words, rather than relying on TCP/IP to transfer information to
> each
> > > > node
> > > > > ... or do I need to route the disparate IP addressing so that each
> > > node
> > > > can
> > > > > see each other through IP addressing
> > > > >
> > > > > Thanks in advance
> > > > >
> > > > >
> > > > > Phil
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> >
>
Re: Setup with more than one computer - Security and Apache for a
web server
Posted by BJ Freeman <bj...@free-man.net>.
Phil Windows servers do have a lot of holes
one of the reasons I moved away from windows products for servers.
the one thing that most do not know is the all the user login services
are the old net lan, from dos days.
the only real security that windows machines has is the NT files system.
Since most don't clients I run into don't event use the security
permission or set them to everyone, or Admin Full, they have security
issues.
Though linux has some security issues they are not as prone to hacks as
Ms products, mostly from lack of interest, compared to Windows products.
This article does not address any security holes in TomCat or ofbiz.
Philip Laing sent the following on 10/8/2007 11:28 PM:
> Hi Skip
>
> This article might help you with what I am getting at
> http://www.windowsecurity.com/articles/Secure_Architecture_SQL_Web_Server.ht
> ml
>
> cheers
>
>
>> -----Original Message-----
>> From: skip@theDevers [mailto:skip@thedevers.org]
>> Sent: Tuesday, 9 October 2007 2:36 PM
>> To: user@ofbiz.apache.org
>> Subject: RE: Setup with more than one computer - Security and Apache for a
>> web server
>>
>> Philip
>>
>> I for one would be interested in knowing how they hacked port 80 if you
>> know.
>>
>> Skip
>>
>> -----Original Message-----
>> From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
>> Sent: Monday, October 08, 2007 9:23 PM
>> To: user@ofbiz.apache.org
>> Subject: Setup with more than one computer - Security and Apache for a
>> web server
>>
>>
>> Thanks Mike
>>
>> That is exactly what I was looking for but I didn't quite know how to word
>> it.
>>
>> I have slightly changed the subject to fit more closely to where the
>> thread
>> might be heading
>>
>> Thanks for the input from everyone; I have been able to glean that:
>>
>> 1. IP Addresses are not an issues with OFBiz's various components talking
>> to
>> one another, ports and configuration of OFBiz's framework files are the
>> important areas to consider
>> 2. It is possible to split OFBiz into 2-3 x nodes/servers during
>> installation
>>
>> Half the challenge with setting up solutions such as OFBiz is know how it
>> thinks and what it needs to communicate between the various engines.
>>
>> The reason I am interested is that I has a bad experience with Compiere.
>> During development I had left port 80 open through my firewall to single
>> computer installation and had the web server (Tomcat) hacked into and
>> broken. So I am very conscious of security and I am wondered if I could
>> split the web server and place in DMZ with the rest of OZBiz safely
>> sitting
>> behind my firewall. If they break the web server it won't be as big an
>> issue to fix or protect the dbase and other parts from being compromised
>> by
>> ID thieves looking credit card and other ID details
>>
>> Thanks again for your input
>>
>> Philip Laing Dip. Sys Admin IT
>> ASC Consultants
>> 33 Vendul Crescent
>> Port Macquarie NSW 2444
>>
>> Phone: 61 2 6582 7147
>> Mobile : 0411827147
>>
>> Web Page: www.ascconsultants.com.au
>> Email: philip.laing@ascconsultants.com.au
>>
>>> -----Original Message-----
>>> From: Mike Wong [mailto:mike.ym.wong@finepoint.com.hk]
>>> Sent: Tuesday, 9 October 2007 1:47 PM
>>> To: user@ofbiz.apache.org
>>> Subject: RE: Setup with more than one computer
>>>
>>> Philip,
>>>
>>> You can deploy something like this
>>>
>>> Computer-1 running httpd with mod_jk
>>> Computer-2 running ofbiz with only mod_jk port open
>>> Computer-3 running DB
>>>
>>> Doing so you have to change some configurations in the url.properties
>> file
>>> and find some way to sync all your static files to the httpd doc root.
>>>
>>> Mike
>>>
>>> -----Original Message-----
>>> From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
>>> Sent: Monday, October 08, 2007 14:35
>>> To: user@ofbiz.apache.org
>>> Subject: RE: Setup with more than one computer
>>>
>>>
>>> Thanks Skip
>>>
>>> Exactly what I needed thanks for that ... now can I install over 3
>>> computers?
>>>
>>> Computer-1 webserver
>>> Computer-2 application server
>>> Computer-3 database
>>>
>>> Thanks again ... I really appreciate your input
>>>
>>> Phil
>>>
>>>
>>>> -----Original Message-----
>>>> From: skip@theDevers [mailto:skip@thedevers.org]
>>>> Sent: Monday, 8 October 2007 2:55 PM
>>>> To: user@ofbiz.apache.org
>>>> Subject: RE: Setup with more than one computer
>>>>
>>>> Philip
>>>>
>>>> What you wanna do is pretty easy. Have a look at entityengine.xml in
>>>> framework/entity/config.
>>>>
>>>> Look toward the bottom till you find the database type you use, say
>>>> "localpostgres". Clone this and call it something else, then change
>>> where
>>>> the jdbc driver looks. For example, its currently set to
>>>> jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz".
>>>>
>>>> You make a new one maybe like this:
>>>> "jdbc:postgresql://192.168.1.100/ofbiz".
>>>>
>>>> The database server can be anywhere you want.
>>>>
>>>> Check this out:
>>>>
>> http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Se
>>>> tu
>>>> p+Guide
>>>>
>>>> Here is another link:
>>>>
>>>> http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf
>>>>
>>>> Skip
>>>>
>>>> -----Original Message-----
>>>> From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
>>>> Sent: Sunday, October 07, 2007 8:50 PM
>>>> To: user@ofbiz.apache.org
>>>> Subject: RE: Setup with more than one computer
>>>>
>>>>
>>>> Hi BJ
>>>>
>>>> No ... not 2 instances ... just break up the installation over 2
>>> computers
>>>> i.e. 1st computer with dbase installed and 2nd computer with
>> application
>>>> installed
>>>>
>>>> cheers
>>>>
>>>> Web Page: www.ascconsultants.com.au
>>>> Email: philip.laing@ascconsultants.com.au
>>>>
>>>>> -----Original Message-----
>>>>> From: BJ Freeman [mailto:bjfree@free-man.net]
>>>>> Sent: Monday, 8 October 2007 10:51 AM
>>>>> To: user@ofbiz.apache.org
>>>>> Subject: Re: Setup with more than one computer
>>>>>
>>>>> Clarification:
>>>>> it looks like you want to run two instances of ofbiz
>>>>> to the same DB.
>>>>> this takes extra configuration.
>>>>>
>>>>> FYI the apps use the web server
>>>>> I think you are referring the Ecommerce side
>>>>>
>>>>> not sure why you want to use two instances, since the backend (apps)
>>> is
>>>>> ssl and 8443.
>>>>> you can block that port through the fire wall if you only want intra
>>> lan
>>>>> communications.
>>>>>
>>>>> i run all behind a firewall, and both the http and https on the
>>> internet
>>>>> using a firewall for ports 80 and 8443.
>>>>> so the DB is protected.
>>>>> I believe you can route intra lan usage through a firewall for port
>>> 8443
>>>>> (apps)
>>>>>
>>>>>
>>>>> Philip Laing sent the following on 10/7/2007 4:19 PM:
>>>>>> Hi Fellas
>>>>>>
>>>>>> The network topology I would like OFBiz setup is using more than
>> one
>>>>>> computer using the following options:
>>>>>> 1. Application Server + Dbase
>>>>>> 2. Web Server + Application Server + Dbase
>>>>>>
>>>>>> Now . I would feel confident setting up:
>>>>>>
>>>>>> Option 1. (Apps + Dbase) I will be placing the Apps and Dbase
>>> between
>>>> a
>>>>>> firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase-
>>>>> (192.168.2.100/24)
>>>>>> Option 2. (Web Server+ Apps + Dbase) Web Server-(192.168.1.100/24)
>>>>>> Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24)
>>>>>>
>>>>>> Notice the IP Addresses and different subnet masks. The question
>>> is:
>>>>> OFBiz
>>>>>> should be able to talk to the *dbase*, *webserver* and or
>>> *application
>>>>>> server* though ports only - Not relying on the same IP addressing?
>>> In
>>>>> other
>>>>>> words, rather than relying on TCP/IP to transfer information to
>> each
>>>>> node
>>>>>> ... or do I need to route the disparate IP addressing so that each
>>>> node
>>>>> can
>>>>>> see each other through IP addressing
>>>>>>
>>>>>> Thanks in advance
>>>>>>
>>>>>>
>>>>>> Phil
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>
>
>
>
>
RE: Setup with more than one computer - Security and Apache for a web server
Posted by Philip Laing <ph...@ascconsultants.com.au>.
Hi Skip
This article might help you with what I am getting at
http://www.windowsecurity.com/articles/Secure_Architecture_SQL_Web_Server.ht
ml
cheers
> -----Original Message-----
> From: skip@theDevers [mailto:skip@thedevers.org]
> Sent: Tuesday, 9 October 2007 2:36 PM
> To: user@ofbiz.apache.org
> Subject: RE: Setup with more than one computer - Security and Apache for a
> web server
>
> Philip
>
> I for one would be interested in knowing how they hacked port 80 if you
> know.
>
> Skip
>
> -----Original Message-----
> From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> Sent: Monday, October 08, 2007 9:23 PM
> To: user@ofbiz.apache.org
> Subject: Setup with more than one computer - Security and Apache for a
> web server
>
>
> Thanks Mike
>
> That is exactly what I was looking for but I didn't quite know how to word
> it.
>
> I have slightly changed the subject to fit more closely to where the
> thread
> might be heading
>
> Thanks for the input from everyone; I have been able to glean that:
>
> 1. IP Addresses are not an issues with OFBiz's various components talking
> to
> one another, ports and configuration of OFBiz's framework files are the
> important areas to consider
> 2. It is possible to split OFBiz into 2-3 x nodes/servers during
> installation
>
> Half the challenge with setting up solutions such as OFBiz is know how it
> thinks and what it needs to communicate between the various engines.
>
> The reason I am interested is that I has a bad experience with Compiere.
> During development I had left port 80 open through my firewall to single
> computer installation and had the web server (Tomcat) hacked into and
> broken. So I am very conscious of security and I am wondered if I could
> split the web server and place in DMZ with the rest of OZBiz safely
> sitting
> behind my firewall. If they break the web server it won't be as big an
> issue to fix or protect the dbase and other parts from being compromised
> by
> ID thieves looking credit card and other ID details
>
> Thanks again for your input
>
> Philip Laing Dip. Sys Admin IT
> ASC Consultants
> 33 Vendul Crescent
> Port Macquarie NSW 2444
>
> Phone: 61 2 6582 7147
> Mobile : 0411827147
>
> Web Page: www.ascconsultants.com.au
> Email: philip.laing@ascconsultants.com.au
>
> > -----Original Message-----
> > From: Mike Wong [mailto:mike.ym.wong@finepoint.com.hk]
> > Sent: Tuesday, 9 October 2007 1:47 PM
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> > Philip,
> >
> > You can deploy something like this
> >
> > Computer-1 running httpd with mod_jk
> > Computer-2 running ofbiz with only mod_jk port open
> > Computer-3 running DB
> >
> > Doing so you have to change some configurations in the url.properties
> file
> > and find some way to sync all your static files to the httpd doc root.
> >
> > Mike
> >
> > -----Original Message-----
> > From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> > Sent: Monday, October 08, 2007 14:35
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> >
> > Thanks Skip
> >
> > Exactly what I needed thanks for that ... now can I install over 3
> > computers?
> >
> > Computer-1 webserver
> > Computer-2 application server
> > Computer-3 database
> >
> > Thanks again ... I really appreciate your input
> >
> > Phil
> >
> >
> > > -----Original Message-----
> > > From: skip@theDevers [mailto:skip@thedevers.org]
> > > Sent: Monday, 8 October 2007 2:55 PM
> > > To: user@ofbiz.apache.org
> > > Subject: RE: Setup with more than one computer
> > >
> > > Philip
> > >
> > > What you wanna do is pretty easy. Have a look at entityengine.xml in
> > > framework/entity/config.
> > >
> > > Look toward the bottom till you find the database type you use, say
> > > "localpostgres". Clone this and call it something else, then change
> > where
> > > the jdbc driver looks. For example, its currently set to
> > > jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz".
> > >
> > > You make a new one maybe like this:
> > > "jdbc:postgresql://192.168.1.100/ofbiz".
> > >
> > > The database server can be anywhere you want.
> > >
> > > Check this out:
> > >
> >
> http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Se
> > > tu
> > > p+Guide
> > >
> > > Here is another link:
> > >
> > > http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf
> > >
> > > Skip
> > >
> > > -----Original Message-----
> > > From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> > > Sent: Sunday, October 07, 2007 8:50 PM
> > > To: user@ofbiz.apache.org
> > > Subject: RE: Setup with more than one computer
> > >
> > >
> > > Hi BJ
> > >
> > > No ... not 2 instances ... just break up the installation over 2
> > computers
> > > i.e. 1st computer with dbase installed and 2nd computer with
> application
> > > installed
> > >
> > > cheers
> > >
> > > Web Page: www.ascconsultants.com.au
> > > Email: philip.laing@ascconsultants.com.au
> > >
> > > > -----Original Message-----
> > > > From: BJ Freeman [mailto:bjfree@free-man.net]
> > > > Sent: Monday, 8 October 2007 10:51 AM
> > > > To: user@ofbiz.apache.org
> > > > Subject: Re: Setup with more than one computer
> > > >
> > > > Clarification:
> > > > it looks like you want to run two instances of ofbiz
> > > > to the same DB.
> > > > this takes extra configuration.
> > > >
> > > > FYI the apps use the web server
> > > > I think you are referring the Ecommerce side
> > > >
> > > > not sure why you want to use two instances, since the backend (apps)
> > is
> > > > ssl and 8443.
> > > > you can block that port through the fire wall if you only want intra
> > lan
> > > > communications.
> > > >
> > > > i run all behind a firewall, and both the http and https on the
> > internet
> > > > using a firewall for ports 80 and 8443.
> > > > so the DB is protected.
> > > > I believe you can route intra lan usage through a firewall for port
> > 8443
> > > > (apps)
> > > >
> > > >
> > > > Philip Laing sent the following on 10/7/2007 4:19 PM:
> > > > > Hi Fellas
> > > > >
> > > > > The network topology I would like OFBiz setup is using more than
> one
> > > > > computer using the following options:
> > > > > 1. Application Server + Dbase
> > > > > 2. Web Server + Application Server + Dbase
> > > > >
> > > > > Now . I would feel confident setting up:
> > > > >
> > > > > Option 1. (Apps + Dbase) I will be placing the Apps and Dbase
> > between
> > > a
> > > > > firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase-
> > > > (192.168.2.100/24)
> > > > >
> > > > > Option 2. (Web Server+ Apps + Dbase) Web Server-(192.168.1.100/24)
> >
> > > > > Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24)
> > > > >
> > > > > Notice the IP Addresses and different subnet masks. The question
> > is:
> > > > OFBiz
> > > > > should be able to talk to the *dbase*, *webserver* and or
> > *application
> > > > > server* though ports only - Not relying on the same IP addressing?
> > In
> > > > other
> > > > > words, rather than relying on TCP/IP to transfer information to
> each
> > > > node
> > > > > ... or do I need to route the disparate IP addressing so that each
> > > node
> > > > can
> > > > > see each other through IP addressing
> > > > >
> > > > > Thanks in advance
> > > > >
> > > > >
> > > > > Phil
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> >
>
RE: Setup with more than one computer - Security and Apache for a web server
Posted by "skip@theDevers" <sk...@thedevers.org>.
Philip
I for one would be interested in knowing how they hacked port 80 if you
know.
Skip
-----Original Message-----
From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
Sent: Monday, October 08, 2007 9:23 PM
To: user@ofbiz.apache.org
Subject: Setup with more than one computer - Security and Apache for a
web server
Thanks Mike
That is exactly what I was looking for but I didn't quite know how to word
it.
I have slightly changed the subject to fit more closely to where the thread
might be heading
Thanks for the input from everyone; I have been able to glean that:
1. IP Addresses are not an issues with OFBiz's various components talking to
one another, ports and configuration of OFBiz's framework files are the
important areas to consider
2. It is possible to split OFBiz into 2-3 x nodes/servers during
installation
Half the challenge with setting up solutions such as OFBiz is know how it
thinks and what it needs to communicate between the various engines.
The reason I am interested is that I has a bad experience with Compiere.
During development I had left port 80 open through my firewall to single
computer installation and had the web server (Tomcat) hacked into and
broken. So I am very conscious of security and I am wondered if I could
split the web server and place in DMZ with the rest of OZBiz safely sitting
behind my firewall. If they break the web server it won't be as big an
issue to fix or protect the dbase and other parts from being compromised by
ID thieves looking credit card and other ID details
Thanks again for your input
Philip Laing Dip. Sys Admin IT
ASC Consultants
33 Vendul Crescent
Port Macquarie NSW 2444
Phone: 61 2 6582 7147
Mobile : 0411827147
Web Page: www.ascconsultants.com.au
Email: philip.laing@ascconsultants.com.au
> -----Original Message-----
> From: Mike Wong [mailto:mike.ym.wong@finepoint.com.hk]
> Sent: Tuesday, 9 October 2007 1:47 PM
> To: user@ofbiz.apache.org
> Subject: RE: Setup with more than one computer
>
> Philip,
>
> You can deploy something like this
>
> Computer-1 running httpd with mod_jk
> Computer-2 running ofbiz with only mod_jk port open
> Computer-3 running DB
>
> Doing so you have to change some configurations in the url.properties file
> and find some way to sync all your static files to the httpd doc root.
>
> Mike
>
> -----Original Message-----
> From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> Sent: Monday, October 08, 2007 14:35
> To: user@ofbiz.apache.org
> Subject: RE: Setup with more than one computer
>
>
> Thanks Skip
>
> Exactly what I needed thanks for that ... now can I install over 3
> computers?
>
> Computer-1 webserver
> Computer-2 application server
> Computer-3 database
>
> Thanks again ... I really appreciate your input
>
> Phil
>
>
> > -----Original Message-----
> > From: skip@theDevers [mailto:skip@thedevers.org]
> > Sent: Monday, 8 October 2007 2:55 PM
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> > Philip
> >
> > What you wanna do is pretty easy. Have a look at entityengine.xml in
> > framework/entity/config.
> >
> > Look toward the bottom till you find the database type you use, say
> > "localpostgres". Clone this and call it something else, then change
> where
> > the jdbc driver looks. For example, its currently set to
> > jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz".
> >
> > You make a new one maybe like this:
> > "jdbc:postgresql://192.168.1.100/ofbiz".
> >
> > The database server can be anywhere you want.
> >
> > Check this out:
> >
> http://docs.ofbiz.org/display/OFBTECH/Apache+OFBiz+Technical+Production+Se
> > tu
> > p+Guide
> >
> > Here is another link:
> >
> > http://www.undersunconsulting.com/static/OFBizBasicProductionSetup.pdf
> >
> > Skip
> >
> > -----Original Message-----
> > From: Philip Laing [mailto:philip.laing@ascconsultants.com.au]
> > Sent: Sunday, October 07, 2007 8:50 PM
> > To: user@ofbiz.apache.org
> > Subject: RE: Setup with more than one computer
> >
> >
> > Hi BJ
> >
> > No ... not 2 instances ... just break up the installation over 2
> computers
> > i.e. 1st computer with dbase installed and 2nd computer with application
> > installed
> >
> > cheers
> >
> > Web Page: www.ascconsultants.com.au
> > Email: philip.laing@ascconsultants.com.au
> >
> > > -----Original Message-----
> > > From: BJ Freeman [mailto:bjfree@free-man.net]
> > > Sent: Monday, 8 October 2007 10:51 AM
> > > To: user@ofbiz.apache.org
> > > Subject: Re: Setup with more than one computer
> > >
> > > Clarification:
> > > it looks like you want to run two instances of ofbiz
> > > to the same DB.
> > > this takes extra configuration.
> > >
> > > FYI the apps use the web server
> > > I think you are referring the Ecommerce side
> > >
> > > not sure why you want to use two instances, since the backend (apps)
> is
> > > ssl and 8443.
> > > you can block that port through the fire wall if you only want intra
> lan
> > > communications.
> > >
> > > i run all behind a firewall, and both the http and https on the
> internet
> > > using a firewall for ports 80 and 8443.
> > > so the DB is protected.
> > > I believe you can route intra lan usage through a firewall for port
> 8443
> > > (apps)
> > >
> > >
> > > Philip Laing sent the following on 10/7/2007 4:19 PM:
> > > > Hi Fellas
> > > >
> > > > The network topology I would like OFBiz setup is using more than one
> > > > computer using the following options:
> > > > 1. Application Server + Dbase
> > > > 2. Web Server + Application Server + Dbase
> > > >
> > > > Now . I would feel confident setting up:
> > > >
> > > > Option 1. (Apps + Dbase) I will be placing the Apps and Dbase
> between
> > a
> > > > firewall i.e. Apps-(192.168.0.192/24) > Firewall > Dbase-
> > > (192.168.2.100/24)
> > > >
> > > > Option 2. (Web Server+ Apps + Dbase) Web Server-(192.168.1.100/24) >
> > > > Firewall > Dbase-(192.168.2.100/24) + Apps-(192.168.2.101/24)
> > > >
> > > > Notice the IP Addresses and different subnet masks. The question
> is:
> > > OFBiz
> > > > should be able to talk to the *dbase*, *webserver* and or
> *application
> > > > server* though ports only - Not relying on the same IP addressing?
> In
> > > other
> > > > words, rather than relying on TCP/IP to transfer information to each
> > > node
> > > > ... or do I need to route the disparate IP addressing so that each
> > node
> > > can
> > > > see each other through IP addressing
> > > >
> > > > Thanks in advance
> > > >
> > > >
> > > > Phil
> > > >
> > > >
> > > >
> > > >
> > > >
>
Question
Posted by "skip@theDevers" <sk...@thedevers.org>.
I have this bit of code:
GenericValue payment = delegator.findByPrimaryKey("Payment",
UtilMisc.toMap("paymentId", paymentId));
...
GenericValue paymentMethod =
payment.getRelatedOne("PaymentMethod");
The javadoc for getRelatedOne sez:
Parameters:
relationName - String containing the relation name which is the
combination of relation.title and relation.rel-entity-name as specified in
the entity XML definition file.
I did not quite understand this statement as it does not seem to make sense
in this context. Is this parameter a concatination of "Payment" and
"Method" where Payment is the relation.title and Method is the
relation.rel-entity-name?
I kinda dont think so. I looked in the entitydef file containg Payment and
found this:
<relation type="one" fk-name="PAYMENT_PMETH"
rel-entity-name="PaymentMethod">
<key-map field-name="paymentMethodId"/>
</relation>
So, I am assuming that this particular getRelatedOne call is going to open
the PaymentMethod entity and find the related "paymentMethodId" record.
Is this correct?
Also, if I see a yyy.getRelatedOne(xxx), can I assume that xxx is the entity
name to look in and xxxId is the key name in xxx always?
Thanks
Skip