Subject: Re: Web Access to Data?

From: Fritz Stauffer

Submitted: Tue, 22 Nov 2005 11:58:27 -0700

Message number: 936 (previous: 935, next: 937 up: Index)

--Apple-Mail-2--240115242
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

I have disabled the automatic indexing of the directories, and now,  
when you go to the directory, it gives this a "Forbidden" message.   
This still allows TUI and APO users to access data by knowing the  
exact URL.  Without the observing logs and the detailed knowledge  
about the directory structure, it would be almost impossible to find  
a URL to data.

On Nov 21, 2005, at 3:42 PM, Russell E Owen wrote:

> TUI uses this web server to download images, so please do not  
> disable it. But I agree that a public link is not a good idea and  
> something should be done about it.
>
> One simple possibility is to make all subdirs unsearchable, so that  
> the user must know the exact path to a file to download it. (In  
> fact I thought the web service was already configure that way, but  
> clearly it's not.)
>
> If more security is wanted, we can come up with something.


--Apple-Mail-2--240115242
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=ISO-8859-1

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV>I have disabled the =
automatic indexing of the directories, and now, when you go to the =
directory, it gives this a "Forbidden" message.=A0 This still allows TUI =
and APO users to access data by knowing the exact URL.=A0 Without the =
observing logs and the detailed knowledge about the directory structure, =
it would be almost impossible to find a URL to data.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><DIV>On Nov 21, 2005, at =
3:42 PM, Russell E Owen wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"><P =
style=3D"margin: 0.0px 0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" =
size=3D"3" style=3D"font: 12.0px Helvetica">TUI uses this web server to =
download images, so please do not disable it. But I agree that a public =
link is not a good idea and something should be done about =
it.</FONT></P> <P style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px =
Helvetica; min-height: 14.0px"><BR></P> <P style=3D"margin: 0.0px 0.0px =
0.0px 0.0px"><FONT face=3D"Helvetica" size=3D"3" style=3D"font: 12.0px =
Helvetica">One simple possibility is to make all subdirs unsearchable, =
so that the user must know the exact path to a file to download it. (In =
fact I thought the web service was already configure that way, but =
clearly it's not.)</FONT></P> <P style=3D"margin: 0.0px 0.0px 0.0px =
0.0px; font: 12.0px Helvetica; min-height: 14.0px"><BR></P> <P =
style=3D"margin: 0.0px 0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" =
size=3D"3" style=3D"font: 12.0px Helvetica">If more security is wanted, =
we can come up with something.</FONT></P> =
</BLOCKQUOTE></DIV><BR></BODY></HTML>=

--Apple-Mail-2--240115242--

APO APO APO APO APO  Apache Point Observatory 3.5m  APO APO APO
APO
APO  This is message 936 in the apo35-general archive. You can find
APO  the archive on http://www.astro.princeton.edu/APO/apo35-general/INDEX.html
APO  To join/leave the list, send mail to apo35-request@astro.princeton.edu
APO  To post a message, mail it to apo35-general@astro.princeton.edu
APO
APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO