

How to Install 
----------------

0.  Restart the web server.

    /etc/init.d/httpd restart

1.  If MySQL is not running start it.

    /etc/init.d/mysql start

2.  Optionally change the root database password from
    the default of empty.

    mysqladmin -u root passwd

3.  Optionally create a non-root database user with 
    selective permissions for FeatureKong.  

   bash# mysql -u root -p mysql
   mysql> GRANT SELECT,INSERT,UPDATE,DELETE,INDEX,
   ALTER,CREATE,DROP,REFERENCES ON kong.* TO kong@localhost IDENTIFIED BY
   'fkong_password';
   mysql> FLUSH PRIVILEGES;
   mysql> quit

4.  Edit the database connection parameter at the top of 
    featurekong_startup.pl 

5.  Run ./checksetup.pl to create the databases and 
    create a first administrator account.

6.  Use a web browser to connect to FeatureKong at
    http://localhost/fkong



Security
-----------------

FeatureKong runs inside your web server process for 
speed.  Unfortunately, it means anyone who can run
code as that unix user, such as a CGI writer, can obtain
the database passwords of FeatureKong.

Likewise, you must worry about the permissions of the
featurekong_startup.pl script because it has the database passwords.

Anyone who can modify the FeatureKong modules (*.pm files)
or create new modules in the FeatureKong directory, 
would also be able to steal the database password.

FeatureKong does not store passwords directly in the
database but instead stores a MD5 hash of the password.

FeatureKong does not use the open(), system(), qx() and
many other commands of Perl which are prone to 
vulnerabilities.





