http://<machine name>/~<user id>/
Whilst this is an excellent feature practically, it makes me wonder about
releasing your user id to the world. It seems to be growing in acceptance
that e-mail addresses should be advertised as initial.surname@machine or
something similar, rather than userid@machine. This avoids any potential
crackers being able to tie a host name and user id together in any break-in
attempts.
The URL outlined above seems to achieve this however - a paired user id and
hostname.
So - is there some way around this currently?
- could the existing user authentication stuff be expanded to store user
aliases and home directories
- is this a big problem anyway?
Thanks
Marcus
Server admin for <http://web.cs.nott.ac.uk/>
----
m.ro...@cs.nott.ac.uk Communications Research Group
Dept. of Computer Science
Nottingham University, UK
: http://<machine name>/~<user id>/
: Whilst this is an excellent feature practically, it makes me wonder about
: releasing your user id to the world. It seems to be growing in acceptance
: that e-mail addresses should be advertised as initial.surname@machine or
: something similar, rather than userid@machine. This avoids any potential
: crackers being able to tie a host name and user id together in any break-in
: attempts.
Yes, but someone could just finger @ the machine and get the user id's
anyway...
: The URL outlined above seems to achieve this however - a paired user id and
: hostname.
: So - is there some way around this currently?
: - could the existing user authentication stuff be expanded to store user
: aliases and home directories
: - is this a big problem anyway?
A feature I left out is the ability to disable user directories entirely, or
to alias them. I am planning to get back to it..
What this would mean is that in the future, you could Alias /~Your.Name/ to
your home directory and disable the user-supported directories feature.
--
Rob McCool, ro...@ncsa.uiuc.edu
Software Development Group, National Center for Supercomputing Applications
It was working ten minutes ago, I swear...
Rob> A feature I left out is the ability to disable user directories
Rob> entirely, or to alias them. I am planning to get back to it..
I tried (with httpd1.0a3?):
Directory /users
Method GET {
deny from all
}
... and it seemd to work. Perhaps it doesn't?
Homann
--
Magnus Homann Email: d0a...@dtek.chalmers.se
URL: http://www.dtek.chalmers.se/DCIG/d0asta.html
: Directory /users
: Method GET {
: deny from all
: }
This works, but what I mean is an explicit way of disabling it (in case not
all of your users are in one directory).
A work-around (or even better solution?) is to disable all
directories except the ones mentioned in access.conf by
specifying (for NCSA httpd1.04a):
<Directory />
Options FollowSymLinks # DON'T let users run scripts
AllowOverride Limit FileInfo # ------------ " ------------
<Limit GET>
deny from all # or whatever you want
</Limit>
</Directory>
(or something even stricter) in access.conf.
To Rob: Perhaps you should have such an entry in your provided
access.conf file labled "default access control" or something?
This is nice since often you'll want to have a different access
configuration for the main WWW-directory hierarchy and
"everything else" (including user directories which you have no
control over).
Bye,
--
Bjørn Stabell
(bjo...@staff.cs.uit.no)
A reasonable idea.
///Peter
: I'm just about to start delving into forms: there have been a few URLs
: circulated which point at examples, but (of course) I didn't save them.
: Could someone please point me at a few of them, and at where the specs
: are (I couldn't find them at info.cern.ch :-) nor ncsa.uiuc.edu...)
http://www/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html
From there you'll find examples.
For those of us outside of NCSA that would be:
http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html
> http://www/SDG/Software/Mosaic/Docs/fill-out-forms/overview.htm
Close :) Try:
http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html
Cheers;
Nat
I saw the reply post on where to find forms examples, but I couldn't get it
to work...Does anyonelse know where to find forms examples?
Thanks
--------------------------------------------------------------------
Chris Shenefiel
Member Technical Staff
Opinions expressed do not reflect those of the management...
--------------------------------------------------------------------
Alas, Requested document (URL
http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html
could not be accessed.
The information server either is not accessible or is refusing to serve
the document to you.
This happened yesterday, both with the hostname and the IP address :-(
///Peter
>--
>Rob McCool, ro...@ncsa.uiuc.edu
>Software Development Group, National Center for Supercomputing Applications
>It was working ten minutes ago, I swear...
Hehe. _I_ swore...
///Peter
Plus another trick: how do I specify to mail the completed form to someone?
<form action="mailto:user@node"> doesn't work, so do I need a script?
You're in luck...
http://south.ncsa.uiuc.edu/forms.html
Cheers,
Marc
--
Marc Andreessen
Software Development Group
National Center for Supercomputing Applications
ma...@ncsa.uiuc.edu (MIME welcomed here)
Thanks, that's great.
While you're at it, take a look at
<a href="http://curia.ucc.ie/info/net/eec_english.html">the future</a> of our language.
///Peter