Sorry, JavaScript is required for most features of this site.
Administrator Guide

This document covers administrator use of the CrushPaper web site.

For information on how to install, configure and run the CrushPaper server see this document.

Pages

Notes, Quotations and Sources

  1. Admins may see, modify or edit any user's notes, quotations and sources.

Accounts

  1. Only admins may browse the full list of accounts or search by username.
  2. Admins may modify any user's account information without knowing that user's password.
  3. Admins (or the user themselves) may prevent a user from signing in by marking their account as closed.
  4. Only admins may mark another account as an admin.

Shutdown

  1. Only admins may shutdown the server.
  2. This method of shutting down the server reduces the risk of corrupting the database compared to killing the process.

Clear Database

  1. This removes all data from the database.
  2. If the server is configured for single user mode then that account is automatically recreated after the database is cleared.

Online Backup

  1. This creates a copy of the database with an CSV extract for each database table.
  2. Changes made while the backup is being done will NOT corrupt the backup.

Check DB Errors

  1. This checks the database for internal consistency errors.
  2. This functionality is mainly for CrushPaper developers to use.
  3. This locks the database for a very long time. During this time any user operations will fail or be queued.
  4. If any errors are reported this could have resulted from:
    1. A bug in the logic of the CrushPaper server.
    2. The server was shutdown in an ungraceful manner (kill -9 is not graceful) and H2 was not able to recover its transactions.
    3. Manual modification of data in the H2 database through the H2 console interface.
    4. Corruption of the H2 database via the filesystem from another process.

Show Backups

  1. This lists all of the backups that have been made.
  2. Clicking on a backup will display the command for restoring the backup.
  3. The server must be shutdown and the command must be run from the command line in order to restore a backup.

Offline Backup

  1. This creates a copy of the database by copying the files via the command line.
  2. Changes made while the backup is being done will corrupt the backup.
  3. There is almost never a reason to do an offline backup instead of an online backup.

Security

  1. The CrushPaper server supports HTTPS and you are recommended to use it.
  2. Passwords are stored SHA1 hashed in the database.
  3. All CrushPaper operations which modify the database or are long running are implemented as POST requests that use tokens to prevent Cross-site request forgery (CSRF).
  4. The CrushPaper server is implemented entirely in Java which reduces the risks of security issues resulting from stack smashing and buffer overflows.
  5. All input to the CrushPaper server is validated and anything stored in the database in length checked.
  6. By policy a user's information is not stored in application or HTTP request log files.

H2 Database

  1. By default the database is created with a blank username and password.


Try CrushPaper for free without creating an account!


Or watch the Demo Movie