Loading ...
Sorry, an error occurred while loading the content.

img in docs

Expand Messages
  • Florent Monnier
    Hi, Is it possible to include images in docs generated with ocamldoc, in order to make documentation more clear with diagrams to illustrate? thanks
    Message 1 of 11 , May 29, 2006
    • 0 Attachment
      Hi,

      Is it possible to include images in docs generated with ocamldoc,
      in order to make documentation more clear with diagrams to illustrate?

      thanks
    • Richard Jones
      ... I don t think I ve seen such a feature mentioned in the manual, but it s fairly easy to add your own ocamldoc directives, and I can imagine you could add
      Message 2 of 11 , May 29, 2006
      • 0 Attachment
        On Mon, May 29, 2006 at 08:55:41PM +0200, Florent Monnier wrote:
        > Is it possible to include images in docs generated with ocamldoc,
        > in order to make documentation more clear with diagrams to illustrate?

        I don't think I've seen such a feature mentioned in the manual, but
        it's fairly easy to add your own ocamldoc directives, and I can
        imagine you could add an @image tag or similar. See section 15.3,
        etc. in http://caml.inria.fr/pub/docs/manual-ocaml/manual029.html

        Rich.

        --
        Richard Jones, CTO Merjis Ltd.
        Merjis - web marketing and technology - http://merjis.com
        Team Notepad - intranets and extranets for business - http://team-notepad.com
      • Florent Monnier
        ... Hi Richard! it s a nice coincidence that it is you that answer to me, since I was wondering whether some customisations would be possible or not about the
        Message 3 of 11 , May 30, 2006
        • 0 Attachment
          > > Is it possible to include images in docs generated with ocamldoc,
          > > in order to make documentation more clear with diagrams to illustrate?
          >
          > I don't think I've seen such a feature mentioned in the manual, but
          > it's fairly easy to add your own ocamldoc directives, and I can
          > imagine you could add an @image tag or similar. See section 15.3,
          > etc. in http://caml.inria.fr/pub/docs/manual-ocaml/manual029.html

          Hi Richard!
          it's a nice coincidence that it is you that answer to me, since I was
          wondering whether some customisations would be possible or not about the
          mod_caml for Apache.
          There is a free (of charge) host for Free (as in Freedom) projects which is
          http://www.tuxfamily.org/, and just yesterday I've asked about getting another
          language than PHP, and they answered to me CGI was not allowed due to
          security issues. Though they tolled me that if the language I am requesting
          can provide the required safeness, it could be possible to install it in
          order to provide it for the hosted peoples.

          The security issues requisites are:
          - do not allow the access at the root path /
          - do not allow the access at the data of the other hosted peoples
          - the script should run as user
          - limit the max execution time of the script

          Well, I'm not currently asking you to do all the job for me :)
          (but if you are willing to, you can of course.)
          So I would at least know if you think it could be possible to do these
          requisites with your mod_ocaml?

          If you think so, could you point me on the good direction to do the job?

          Best Regards
          Florent
        • Richard Jones
          ... Basically mod_caml itself can t provide any of these requirements, because it runs inside the web server as the web server user (eg. typically user
          Message 4 of 11 , May 30, 2006
          • 0 Attachment
            On Tue, May 30, 2006 at 01:08:16PM +0200, Florent Monnier wrote:
            > The security issues requisites are:
            > - do not allow the access at the root path /
            > - do not allow the access at the data of the other hosted peoples
            > - the script should run as user
            > - limit the max execution time of the script

            Basically mod_caml itself can't provide any of these requirements,
            because it runs inside the web server as the web server user
            (eg. typically user 'nobody' or 'www-data'). In this respect it's
            just the same as something like mod_perl.

            If they want really want security they probably should be looking into
            some sort of virtualisation technique - eg. chroot, jails, UML, Xen, ...

            There is one alternative however - and it's something which we
            implemented for one of our clients. You can run your own instance of
            Apache as a regular user, listening for requests on a high-numbered
            port (eg. port 8080). The real instance of Apache acts as a proxy /
            web accelerator, listening as normal on port 80 and redirecting
            requests for your website to the high-numbered port.

            Rich.

            --
            Richard Jones, CTO Merjis Ltd.
            Merjis - web marketing and technology - http://merjis.com
            Team Notepad - intranets and extranets for business - http://team-notepad.com
          • Christophe TROESTLER
            ... You can always ask for FastCGI (http://www.fastcgi.com/ and http://fastcgi.coremail.cn/) or AJP and use OCamlNet (e.g. under its “new” unified
            Message 5 of 11 , May 30, 2006
            • 0 Attachment
              On Tue, 30 May 2006, Florent Monnier <fmonnier@...> wrote:
              >
              > The security issues requisites are:
              > - do not allow the access at the root path /
              > - do not allow the access at the data of the other hosted peoples
              > - the script should run as user
              > - limit the max execution time of the script

              You can always ask for FastCGI (http://www.fastcgi.com/ and
              http://fastcgi.coremail.cn/) or AJP and use OCamlNet (e.g. under its
              “new” unified interface http://ocaml-cgi.sourceforge.net/netcgi/doc/).
              Both connectors support the above requirements (except for the max
              execution time for “remote” connectors but root can set a maximum cpu
              usage for each user). If you execute FCGI or AJP scripts with a
              “remote” connector but with your program running on the webserver
              machine, launch them with the “nohup” command before logging out.
              Since these scripts are just executables, you just need to transfer
              the binaries if you compile them to native code.

              Hope it helps,
              ChriS
            • Florent Monnier
              ... And what would you think about overloading in the stdlib the functions that could cause security problems, like for exemple the one to read files:
              Message 6 of 11 , May 30, 2006
              • 0 Attachment
                > > The security issues requisites are:
                > > - do not allow the access at the root path /
                > > - do not allow the access at the data of the other hosted peoples
                > > - the script should run as user
                > > - limit the max execution time of the script
                >
                > You can always ask for FastCGI (http://www.fastcgi.com/ and
                > http://fastcgi.coremail.cn/) or AJP and use OCamlNet (e.g. under its
                > “new” unified interface http://ocaml-cgi.sourceforge.net/netcgi/doc/).
                > Both connectors support the above requirements (except for the max
                > execution time for “remote” connectors but root can set a maximum cpu
                > usage for each user). If you execute FCGI or AJP scripts with a
                > “remote” connector but with your program running on the webserver
                > machine, launch them with the “nohup” command before logging out.
                > Since these scripts are just executables, you just need to transfer
                > the binaries if you compile them to native code.

                And what would you think about overloading in the stdlib the functions that
                could cause security problems, like for exemple the one to read files:
                http://caml.inria.fr/pub/docs/manual-ocaml/libref/Pervasives.html#VALopen_in

                ========================
                # ocaml-3.09.2/stdlib/pervasives.ml +224:

                external open_desc: string -> open_flag list -> int -> int = "caml_sys_open"

                let check_filename_path filename =
                let path = Filename.dirname filename in

                let home_path = Unix.getenv "HOME" in

                let len_path = String.length path in
                let len_home = String.length home_path in

                if len_path < len_home then
                failwith "access outside the user home not allowed";

                let base = String.sub path 0 len_home in
                if base <> home_path then
                failwith "access outside the user home not allowed";

                (true)


                (* overload open_desc *)
                let open_desc name mode perm =
                if (check_filename_path name) then
                open_desc name mode perm

                ======================
              • Richard Jones
                ... It s worth pointing out that from an architectural point of view, FastCGI is just the same as running a back-end Apache server with a front-end web
                Message 7 of 11 , May 30, 2006
                • 0 Attachment
                  On Tue, May 30, 2006 at 08:24:35PM +0200, Christophe TROESTLER wrote:
                  > You can always ask for FastCGI (http://www.fastcgi.com/ and
                  > http://fastcgi.coremail.cn/) or AJP and use OCamlNet (e.g. under its
                  > “new” unified interface http://ocaml-cgi.sourceforge.net/netcgi/doc/).

                  It's worth pointing out that from an architectural point of view,
                  FastCGI is just the same as running a back-end Apache server with a
                  front-end web accelerator, as I described in my original posting.
                  Just replace the FCGI/AJP protocol with simple HTTP.

                  Rich.

                  --
                  Richard Jones, CTO Merjis Ltd.
                  Merjis - web marketing and technology - http://merjis.com
                  Team Notepad - intranets and extranets for business - http://team-notepad.com
                • Michael Wojcik
                  ... It might be handy to emulate Doxygen and add @dot / @enddot custom tags that mark text to be passed to the dot utility from the Graphviz package, since
                  Message 8 of 11 , May 30, 2006
                  • 0 Attachment
                    Richard Jones wrote:
                    > On Mon, May 29, 2006 at 08:55:41PM +0200, Florent Monnier wrote:
                    >
                    >>Is it possible to include images in docs generated with ocamldoc,
                    >>in order to make documentation more clear with diagrams to illustrate?
                    >
                    >
                    > I don't think I've seen such a feature mentioned in the manual, but
                    > it's fairly easy to add your own ocamldoc directives, and I can
                    > imagine you could add an @image tag or similar. See section 15.3,
                    > etc. in http://caml.inria.fr/pub/docs/manual-ocaml/manual029.html

                    It might be handy to emulate Doxygen and add @dot / @enddot custom tags
                    that mark text to be passed to the dot utility from the Graphviz
                    package, since that's what ocamldoc uses to generate its dependency graphs.

                    dot's nice for some kinds of ad hoc diagrams because you don't need to
                    worry about layout - in the simplest case, you just list relationships
                    among named nodes and dot draws a picture. (There's quite a bit of
                    optional markup in dot for fancier diagrams.) And because the graph is
                    represented by a structured-text description in the docs, it's easier to
                    keep it in sync with the implementation than it would be with a static
                    image in a separate file, which is one of the selling points of
                    in-source documentation.

                    I've used dot graphs to good effect in Doxygen-generated docs.

                    I don't think ocamldoc actually runs dot when it generates a dependency
                    graph (unlike Doxygen), so this might be done with two passes: an
                    ocamldoc custom generator (inheriting from the HTML one or whatever)
                    writes dot scripts out to temporary files while generating the main docs
                    and replaces them with IMG tags, then dot runs to generate the image
                    files. Trivial to handle in a makefile.

                    --
                    Michael Wojcik
                  • Christophe TROESTLER
                    ... Of course. Not from an efficiency point of view however. Also it is easier for the sysadmin : he just install the connector and sets limits on user
                    Message 9 of 11 , May 31, 2006
                    • 0 Attachment
                      On Tue, 30 May 2006, Richard Jones <rich@...> wrote:
                      >
                      > On Tue, May 30, 2006 at 08:24:35PM +0200, Christophe TROESTLER wrote:
                      > > You can always ask for FastCGI (http://www.fastcgi.com/ and
                      > > http://fastcgi.coremail.cn/) or AJP and use OCamlNet (e.g. under its
                      > > "new" unified interface http://ocaml-cgi.sourceforge.net/netcgi/doc/).
                      >
                      > It's worth pointing out that from an architectural point of view,
                      > FastCGI is just the same as running a back-end Apache server with a
                      > front-end web accelerator, as I described in my original posting.
                      > Just replace the FCGI/AJP protocol with simple HTTP.

                      Of course. Not from an efficiency point of view however. Also it is
                      easier for the sysadmin : he just install the connector and sets
                      limits on user processes (not a single bit of ocaml to install). And,
                      if for example he chooses AJP, Java fans will be equally happy...

                      Cheers,
                      ChriS
                    • Christophe TROESTLER
                      ... Not sure to follow you here. If you think this overloading will make it safe, forget it. For example you cannot forbid the programmer to use the external
                      Message 10 of 11 , May 31, 2006
                      • 0 Attachment
                        On Tue, 30 May 2006, Florent Monnier <fmonnier@...> wrote:
                        >
                        > And what would you think about overloading in the stdlib the functions that
                        > could cause security problems, like for exemple the one to read files:
                        > http://caml.inria.fr/pub/docs/manual-ocaml/libref/Pervasives.html#VALopen_in

                        Not sure to follow you here. If you think this overloading will make
                        it safe, forget it. For example you cannot forbid the programmer to
                        use the external keyword to bind to whichever C function he likes.

                        In any case this is a non issue with the remote FCGI or AJP connectors
                        as the process runs with your user id -- it cannot do anything you are
                        not allowed to do logging to the box. In other words : you mess with
                        your files as you like but nothing else ! :)

                        Cheers,
                        ChriS
                      • Martin Jambon
                        ... A few words from Xavier Leroy on that topic: http://caml.inria.fr/pub/ml-archives/caml-list/2002/02/944945f507884d41bad70d4d47a6ab39.en.html ... -- Martin
                        Message 11 of 11 , May 31, 2006
                        • 0 Attachment
                          On Wed, 31 May 2006, Christophe TROESTLER wrote:

                          > On Tue, 30 May 2006, Florent Monnier <fmonnier@...> wrote:
                          >>
                          >> And what would you think about overloading in the stdlib the functions that
                          >> could cause security problems, like for exemple the one to read files:
                          >> http://caml.inria.fr/pub/docs/manual-ocaml/libref/Pervasives.html#VALopen_in
                          >
                          > Not sure to follow you here. If you think this overloading will make
                          > it safe, forget it. For example you cannot forbid the programmer to
                          > use the external keyword to bind to whichever C function he likes.

                          A few words from Xavier Leroy on that topic:

                          http://caml.inria.fr/pub/ml-archives/caml-list/2002/02/944945f507884d41bad70d4d47a6ab39.en.html


                          > In any case this is a non issue with the remote FCGI or AJP connectors
                          > as the process runs with your user id -- it cannot do anything you are
                          > not allowed to do logging to the box. In other words : you mess with
                          > your files as you like but nothing else ! :)
                          >
                          >
                          > Cheers,
                          > ChriS
                          >
                          >
                          >
                          > Archives up to August 22, 2005 are also downloadable at http://www.connettivo.net/cntprojects/ocaml_beginners/
                          > The archives of the very official ocaml list (the seniors' one) can be found at http://caml.inria.fr
                          > Attachments are banned and you're asked to be polite, avoid flames etc.
                          > Yahoo! Groups Links
                          >
                          >
                          >
                          >
                          >
                          >
                          >

                          --
                          Martin Jambon, PhD
                          http://martin.jambon.free.fr

                          Edit http://wikiomics.org, bioinformatics wiki
                        Your message has been successfully submitted and would be delivered to recipients shortly.