- From: ALASTAIR AITKEN CLMS <A.Aitken@unl.ac.uk>
- Date: Mon, 13 May 1996 09:41:21 +0000 (GMT)
- To: Jason.T.Vincent@jpl.nasa.gov
- Cc: www-talk@w3.org
Jason,
> I've tried the idea of creating a directory owned by 'nobody' in my
> web pages at my college. My friends (which have way too much free
> time) wrote their own cgi's and was able to edit that directory. It
> was ok for those pages, but these are government pages, they must be
> as secure as possible. Can this still be done if the directory is
> secured with a .htaccess file????
I use uname/pword control for the management routines of an employment vacancies
database:
http://www.unl.ac.uk/openings_2.01b/op_mngmnt/ # the management routines
http://www.unl.ac.uk/openings_2.01b/ # the user interface
Having all the data owned by nobody simplifies greatly my problems with
file permissions but, in addition, I use the Netscape Commerce Server's
authentication facilities to uname/pword protect this area. I think
you would need something like this as well. I can't remember whether
.htaccess is an NCSA or a CERN feature or both but if it doesn't support
uname/pword access control then it won't be sufficient.
I guess open government doesn't extend to allowing the general public the
right to make up the information. ;-)
No security scheme is perfect. Some people do nothing other than devising
and testing security systems. Thanks, people.
Alastair Aitken http://www.unl.ac.uk/~alastair mailto:a.aitken@unl.ac.uk
Received on Monday, 13 May 1996 04:41:32 UTC