Annotation of capa/capa51/READMEsecurity.txt, revision 1.1
1.1 ! albertel 1:
! 2:
! 3:
! 4: CAPA SECURITY
! 5:
! 6:
! 7: Please follow the instructions as they are given in the README.txt (UPGRADE.txt)
! 8: file. There are security reasons why CAPA is installed the way that it is.
! 9:
! 10: 1.) Protecting your problem code.
! 11: The README.txt file directs you to create a demolibrary folder
! 12: which contains symbolic links to the CAPA problem Graphics and
! 13: Links. Later, you are directed to make an alias for /demolibrary
! 14: for the web server using Public/demolibrary. The reason for this
! 15: is that the webserver is only allowed to see the Graphics and Links.
! 16: If you point your browser to http://your.machine/demolibrary/ you
! 17: can access the Graphics and Links without going through any CAPA
! 18: security. If the webserver is aliased to the real demolibrary
! 19: instead of the Public/demolibrary, anyone (including your students)
! 20: can access the problem code. This is highly undesirable and can
! 21: potentially render your CAPA problems useless. For example, someone
! 22: with your problem code could build their own set with their own
! 23: CAPA software and generate answers for himself/herself and countless
! 24: others.
! 25:
! 26: Protecting your problems has become particularly important now
! 27: that CAPA has become free software. If you add any other libraries
! 28: to your system, they also MUST have a Public version of the library
! 29: for the webserver can use. The CAPA problems (including the
! 30: demolibrary) are copyrighted by the author, institution, etc. and
! 31: can NOT be freely distributed.
! 32:
! 33: To check if your CAPA libraries are properly installed, point your
! 34: browser to http://your.machine/CAPAlibrary/. You should only be able
! 35: to see the Graphics and Links directories. If your webserver is not
! 36: set up for indexing (i.e. you cannot see the directories in your web
! 37: browser), you can try accessing a problem code file from the web by
! 38: pointing your browser to
! 39: http://your.machine/CAPAlibrary/problem-type/problemCode.txt
! 40: If you can access such a file, then you need to make a Public version
! 41: of your library and alias this version in your webserver's srm.conf
! 42: file.
! 43:
! 44: 2.) Protecting Web Access
! 45: If you follow the steps above to protect your libraries, then the
! 46: rest of your CAPA code (set.qz files, etc.) are protected by the
! 47: capasbin program which has built in security.
! 48:
! 49: 3.) Protecting Telnet Access
! 50: If you use the telnet interface, security is controlled by the
! 51: capalogin shell. You should always test out your classes as soon
! 52: as you install them to make certain that your class "user" (nsc131s0
! 53: for example) uses the capalogin shell. This is very important
! 54: because the "user" (nsc131s0) is set up to log in without a password.
! 55:
! 56:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to READMEsecurity.txt CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / capa / capa51