--Apple-Mail-2--240115242 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed I have disabled the automatic indexing of the directories, and now, when you go to the directory, it gives this a "Forbidden" message. This still allows TUI and APO users to access data by knowing the exact URL. Without the observing logs and the detailed knowledge about the directory structure, it would be almost impossible to find a URL to data. On Nov 21, 2005, at 3:42 PM, Russell E Owen wrote: > TUI uses this web server to download images, so please do not > disable it. But I agree that a public link is not a good idea and > something should be done about it. > > One simple possibility is to make all subdirs unsearchable, so that > the user must know the exact path to a file to download it. (In > fact I thought the web service was already configure that way, but > clearly it's not.) > > If more security is wanted, we can come up with something. --Apple-Mail-2--240115242 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=ISO-8859-1 <HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; = -khtml-line-break: after-white-space; "><DIV>I have disabled the = automatic indexing of the directories, and now, when you go to the = directory, it gives this a "Forbidden" message.=A0 This still allows TUI = and APO users to access data by knowing the exact URL.=A0 Without the = observing logs and the detailed knowledge about the directory structure, = it would be almost impossible to find a URL to data.</DIV><DIV><BR = class=3D"khtml-block-placeholder"></DIV><DIV><DIV>On Nov 21, 2005, at = 3:42 PM, Russell E Owen wrote:</DIV><BR = class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"><P = style=3D"margin: 0.0px 0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" = size=3D"3" style=3D"font: 12.0px Helvetica">TUI uses this web server to = download images, so please do not disable it. But I agree that a public = link is not a good idea and something should be done about = it.</FONT></P> <P style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px = Helvetica; min-height: 14.0px"><BR></P> <P style=3D"margin: 0.0px 0.0px = 0.0px 0.0px"><FONT face=3D"Helvetica" size=3D"3" style=3D"font: 12.0px = Helvetica">One simple possibility is to make all subdirs unsearchable, = so that the user must know the exact path to a file to download it. (In = fact I thought the web service was already configure that way, but = clearly it's not.)</FONT></P> <P style=3D"margin: 0.0px 0.0px 0.0px = 0.0px; font: 12.0px Helvetica; min-height: 14.0px"><BR></P> <P = style=3D"margin: 0.0px 0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" = size=3D"3" style=3D"font: 12.0px Helvetica">If more security is wanted, = we can come up with something.</FONT></P> = </BLOCKQUOTE></DIV><BR></BODY></HTML>= --Apple-Mail-2--240115242-- APO APO APO APO APO Apache Point Observatory 3.5m APO APO APO APO APO This is message 936 in the apo35-general archive. You can find APO the archive on http://www.astro.princeton.edu/APO/apo35-general/INDEX.html APO To join/leave the list, send mail to apo35-request@astro.princeton.edu APO To post a message, mail it to apo35-general@astro.princeton.edu APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO