At 3:03 PM -0700 2005-11-21, Fritz Stauffer wrote: >X-SpamCop-Whitelisted: nmsu.edu > >All, > >APO has had a hidden URL to the data for the last few months, and >recently it has appeared in the web pages. Now that the link is >public, it can let anyone access the data. > >The question is, I would like to remove this link and let users >access the data with FTP or secure FTP. Is there any compelling >reason to leave this link? If possible, let me know soon, so I can >decide how to handle this before the holidays. TUI uses this web server to download images, so please do not disable it. But I agree that a public link is not a good idea and something should be done about it. One simple possibility is to make all subdirs unsearchable, so that the user must know the exact path to a file to download it. (In fact I thought the web service was already configure that way, but clearly it's not.) If more security is wanted, we can come up with something. -- Russell APO APO APO APO APO Apache Point Observatory 3.5m APO APO APO APO APO This is message 935 in the apo35-general archive. You can find APO the archive on http://www.astro.princeton.edu/APO/apo35-general/INDEX.html APO To join/leave the list, send mail to apo35-request@astro.princeton.edu APO To post a message, mail it to apo35-general@astro.princeton.edu APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO