+you installed the "mir" directory). (Here and in the rest of this document,
+we assume you called the link "Mir", but this could be named anything.)
+ cd /path/to/tomcat/webapps (tomcat-4.0.x/webapps)
+ ln -s /path/to/Mir Mir
+
+with tomcat 4.0.x, you could dynamically reload and stop the Mir webapp without
+restarting tomcat by using the "Manager App" with the following url:
+
+http://localhost:8080/manager/stop?path=/Mir
+
+This is practical if you are running several installations of mir on one
+tomcat or other webapps and can't afford to shutdown all of them.
+See the tomcat documentation to learn how to enable and use the manager app.
+
+7. Copy any dynamic library files ending with ".so" (so far only the JAI native
+acceleration library found in the JAI package tarball or zip from sun) to your
+$JAVA_HOME/jre/lib/i386 directory (where the other ".so" files live). Or, you
+can skip the whole thing and live without "native" acceleration for image
+manupulation.
+
+8a. create a new database
+The database name should be the same as in config.properties. Please look at
+the section "Database.*" to look up the names or change them to your needs.
+
+It is wise in terms of system seurity to use an unprivileged user for this
+task instead of the superuser. This is because if Mir uses the superuser to
+connect to the database and anybody manages to find out the password Mir
+uses to connect, the attacker can take over the complete database. So, in
+the following examples, we assume that the database name is "Mir", the
+database user will be "mir" and the password is "joshua". Please note that
+this particular password is far from being a good one. Watch "Wargames" for
+details. =B)
+
+To access the database as the database superuser, you either have to log in
+as postgres on Unix level (which we don't recommend because you will need
+another user to have a login shell and a password which makes system
+penetration more likely) or you have to tell PostgreSQL with each
+application call that you want to connect as a specific user. If you access
+the database from any other user's account, use the -U flag to connect to
+PostgreSQL as the database superuser ("postgres"):
+
+ createdb -U postgres --encoding=unicode Mir
+
+Please note that if you create the database from inside the psql application,
+the database name will likely be converted to lowercase letters.
+
+
+8b. create an unprivileged database user for Mir
+First, connect to the database as the database's superuser.
+
+ psql -U postgres Mir
+
+Now we create the actual user. Please choose a password that is hard to
+guess instead of "joshua". Good passwords have characters and numerals in
+it, have no link to its owner (like being her birthday, age, name of her
+husband, dog, child, car, favourite beer brand). A good password looks like
+this: "8ncx4un".
+
+ CREATE USER Mir WITH PASSWORD 'joshua' NOCREATEDB NOCREATEUSER;
+
+8c. create base table
+Please note that we use the superuser "postgres" to connect to the "Mir"
+database, /not/ the user "mir".
+
+ psql -Upostgres -f dbscripts/create_pg.sql Mir
+ for i in dbscripts/help*.sql ; do psql -Upostgres -f $i Mir ; done
+ for i in dbscripts/populate*.sql ; do psql -Upostgres -f $i Mir ; done
+
+8d. Grant the required permissions to the new user
+
+-- The following should be executed as the "postgres" DB user.
+-- Note that ID_FROM_PG_USER and DATABASENAME should be replace with the
+ appropriate field values from the 2 prior selects.
+-- set owner of datbase
+select * from pg_database;
+select * from pg_user;
+update pg_database set datdba=ID_FROM_PG_USER where datname=DATABASENAME
+
+-- find all tables to grant privs / select is just building sql
+-- to be exectued
+
+select 'grant all on '||relname||' to "de_indy";'
+from pg_class
+where relname not like 'pg%'
+order by relname;
+
+8e. Apply neccessary changes to config.properties
+
+Please open config.properties and look for the lines that begin with
+"Database.". The interesting properties are "Username", "Password", "Host"
+and "Name". Change these properties so that they reflect the settings you
+used to create the database and the user.
+
+You should make sure that no copy of config.properties (neither in mir nor
+in Mir/src nor in Mir/WEB-INF/classes nor in the directory tree you compiled
+Mir from) is world-readable. Else you wouldn't have to install a password,
+anyway.
+
+8f. Setup PostgreSQL so that all connections have to pass a password
+
+In /etc/postgresql/pg_hba.conf you should make sure that nobody can
+use the database without a password:
+
+local all password
+host all 127.0.0.1 255.0.0.0 password
+host all 0.0.0.0 0.0.0.0 reject
+
+This means: All local connections (i.e. psql without "-h hostname" option)
+have to authenticate themselves with a password. All connections from
+localhost (127.0.0.1) have to supply a password, too. All other connections
+are rejected. This line doen't have to be there if you have a properly
+configured firewall but even if you do have one, it adds to the security in
+case an attacker penetrates the firewall by some hack.
+
+If you can't access PostgreSQL after this for any reason, try and change
+"password" in /etc/postgresql/pg_hba.conf to "trust". This should disable
+any authentication method and make the database accessible again. Please use
+this setting only temporarily because anybody who can access the PostgreSQL
+server could take over the database completely this way. After you fixed
+your password setting, switch the setting back to "password".
+You may want to change your PostgreSQL password from time to time to make
+database takeover harder. Rememer: Security is a process.
+
+
+
+9. Add the dupe prevention trigger to the database:
+ cd dbscripts/dupetrigger
+
+ There, read INSTALL and follow the instructions.
+
+
+10. Tweak mime-type extensions mappings in etc/web.xml file.
+
+*** Note the defaults should be o.k for most installations ***