Subject: Re: Web Access to Data?
From: Fritz Stauffer
Submitted: Tue, 22 Nov 2005 11:58:27 -0700
Message number: 936
(previous: 935,
next: 937
up: Index)
--Apple-Mail-2--240115242
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
delsp=yes;
format=flowed
I have disabled the automatic indexing of the directories, and now,
when you go to the directory, it gives this a "Forbidden" message.
This still allows TUI and APO users to access data by knowing the
exact URL. Without the observing logs and the detailed knowledge
about the directory structure, it would be almost impossible to find
a URL to data.
On Nov 21, 2005, at 3:42 PM, Russell E Owen wrote:
> TUI uses this web server to download images, so please do not
> disable it. But I agree that a public link is not a good idea and
> something should be done about it.
>
> One simple possibility is to make all subdirs unsearchable, so that
> the user must know the exact path to a file to download it. (In
> fact I thought the web service was already configure that way, but
> clearly it's not.)
>
> If more security is wanted, we can come up with something.
--Apple-Mail-2--240115242
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=ISO-8859-1
<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV>I have disabled the =
automatic indexing of the directories, and now, when you go to the =
directory, it gives this a "Forbidden" message.=A0 This still allows TUI =
and APO users to access data by knowing the exact URL.=A0 Without the =
observing logs and the detailed knowledge about the directory structure, =
it would be almost impossible to find a URL to data.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV><DIV>On Nov 21, 2005, at =
3:42 PM, Russell E Owen wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"><P =
style=3D"margin: 0.0px 0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" =
size=3D"3" style=3D"font: 12.0px Helvetica">TUI uses this web server to =
download images, so please do not disable it. But I agree that a public =
link is not a good idea and something should be done about =
it.</FONT></P> <P style=3D"margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px =
Helvetica; min-height: 14.0px"><BR></P> <P style=3D"margin: 0.0px 0.0px =
0.0px 0.0px"><FONT face=3D"Helvetica" size=3D"3" style=3D"font: 12.0px =
Helvetica">One simple possibility is to make all subdirs unsearchable, =
so that the user must know the exact path to a file to download it. (In =
fact I thought the web service was already configure that way, but =
clearly it's not.)</FONT></P> <P style=3D"margin: 0.0px 0.0px 0.0px =
0.0px; font: 12.0px Helvetica; min-height: 14.0px"><BR></P> <P =
style=3D"margin: 0.0px 0.0px 0.0px 0.0px"><FONT face=3D"Helvetica" =
size=3D"3" style=3D"font: 12.0px Helvetica">If more security is wanted, =
we can come up with something.</FONT></P> =
</BLOCKQUOTE></DIV><BR></BODY></HTML>=
--Apple-Mail-2--240115242--
APO APO APO APO APO Apache Point Observatory 3.5m APO APO APO
APO
APO This is message 936 in the apo35-general archive. You can find
APO the archive on http://www.astro.princeton.edu/APO/apo35-general/INDEX.html
APO To join/leave the list, send mail to apo35-request@astro.princeton.edu
APO To post a message, mail it to apo35-general@astro.princeton.edu
APO
APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO APO