File:
[LON-CAPA] /
capa /
capa51 /
READMEsecurity.txt
Revision
1.1:
download - view:
text,
annotated -
select for diffs
Mon Aug 7 21:06:32 2000 UTC (24 years, 3 months ago) by
albertel
Branches:
MAIN
CVS tags:
version_2_9_X,
version_2_9_99_0,
version_2_9_1,
version_2_9_0,
version_2_8_X,
version_2_8_99_1,
version_2_8_99_0,
version_2_8_2,
version_2_8_1,
version_2_8_0,
version_2_7_X,
version_2_7_99_1,
version_2_7_99_0,
version_2_7_1,
version_2_7_0,
version_2_6_X,
version_2_6_99_1,
version_2_6_99_0,
version_2_6_3,
version_2_6_2,
version_2_6_1,
version_2_6_0,
version_2_5_X,
version_2_5_99_1,
version_2_5_99_0,
version_2_5_2,
version_2_5_1,
version_2_5_0,
version_2_4_X,
version_2_4_99_0,
version_2_4_2,
version_2_4_1,
version_2_4_0,
version_2_3_X,
version_2_3_99_0,
version_2_3_2,
version_2_3_1,
version_2_3_0,
version_2_2_X,
version_2_2_99_1,
version_2_2_99_0,
version_2_2_2,
version_2_2_1,
version_2_2_0,
version_2_1_X,
version_2_1_99_3,
version_2_1_99_2,
version_2_1_99_1,
version_2_1_99_0,
version_2_1_3,
version_2_1_2,
version_2_1_1,
version_2_1_0,
version_2_12_X,
version_2_11_X,
version_2_11_5_msu,
version_2_11_5,
version_2_11_4_uiuc,
version_2_11_4_msu,
version_2_11_4,
version_2_11_3_uiuc,
version_2_11_3_msu,
version_2_11_3,
version_2_11_2_uiuc,
version_2_11_2_msu,
version_2_11_2_educog,
version_2_11_2,
version_2_11_1,
version_2_11_0_RC3,
version_2_11_0_RC2,
version_2_11_0_RC1,
version_2_11_0,
version_2_10_X,
version_2_10_1,
version_2_10_0_RC2,
version_2_10_0_RC1,
version_2_10_0,
version_2_0_X,
version_2_0_99_1,
version_2_0_2,
version_2_0_1,
version_2_0_0,
version_1_99_3,
version_1_99_2,
version_1_99_1_tmcc,
version_1_99_1,
version_1_99_0_tmcc,
version_1_99_0,
version_1_3_X,
version_1_3_3,
version_1_3_2,
version_1_3_1,
version_1_3_0,
version_1_2_X,
version_1_2_99_1,
version_1_2_99_0,
version_1_2_1,
version_1_2_0,
version_1_1_X,
version_1_1_99_5,
version_1_1_99_4,
version_1_1_99_3,
version_1_1_99_2,
version_1_1_99_1,
version_1_1_99_0,
version_1_1_3,
version_1_1_2,
version_1_1_1,
version_1_1_0,
version_1_0_99_3,
version_1_0_99_2,
version_1_0_99_1,
version_1_0_99,
version_1_0_3,
version_1_0_2,
version_1_0_1,
version_1_0_0,
version_0_99_5,
version_0_99_4,
version_0_99_3,
version_0_99_2,
version_0_99_1,
version_0_99_0,
version_0_6_2,
version_0_6,
version_0_5_1,
version_0_5,
version_0_4,
stable_2002_spring,
stable_2002_july,
stable_2002_april,
stable_2001_fall,
release_5-1-3,
loncapaMITrelate_1,
language_hyphenation_merge,
language_hyphenation,
conference_2003,
bz6209-base,
bz6209,
STABLE,
HEAD,
GCI_3,
GCI_2,
GCI_1,
CAPA_5-1-6,
CAPA_5-1-5,
CAPA_5-1-4_RC1,
BZ4492-merge,
BZ4492-feature_horizontal_radioresponse,
BZ4492-feature_Support_horizontal_radioresponse,
BZ4492-Support_horizontal_radioresponse
- other readmes
CAPA SECURITY
Please follow the instructions as they are given in the README.txt (UPGRADE.txt)
file. There are security reasons why CAPA is installed the way that it is.
1.) Protecting your problem code.
The README.txt file directs you to create a demolibrary folder
which contains symbolic links to the CAPA problem Graphics and
Links. Later, you are directed to make an alias for /demolibrary
for the web server using Public/demolibrary. The reason for this
is that the webserver is only allowed to see the Graphics and Links.
If you point your browser to http://your.machine/demolibrary/ you
can access the Graphics and Links without going through any CAPA
security. If the webserver is aliased to the real demolibrary
instead of the Public/demolibrary, anyone (including your students)
can access the problem code. This is highly undesirable and can
potentially render your CAPA problems useless. For example, someone
with your problem code could build their own set with their own
CAPA software and generate answers for himself/herself and countless
others.
Protecting your problems has become particularly important now
that CAPA has become free software. If you add any other libraries
to your system, they also MUST have a Public version of the library
for the webserver can use. The CAPA problems (including the
demolibrary) are copyrighted by the author, institution, etc. and
can NOT be freely distributed.
To check if your CAPA libraries are properly installed, point your
browser to http://your.machine/CAPAlibrary/. You should only be able
to see the Graphics and Links directories. If your webserver is not
set up for indexing (i.e. you cannot see the directories in your web
browser), you can try accessing a problem code file from the web by
pointing your browser to
http://your.machine/CAPAlibrary/problem-type/problemCode.txt
If you can access such a file, then you need to make a Public version
of your library and alias this version in your webserver's srm.conf
file.
2.) Protecting Web Access
If you follow the steps above to protect your libraries, then the
rest of your CAPA code (set.qz files, etc.) are protected by the
capasbin program which has built in security.
3.) Protecting Telnet Access
If you use the telnet interface, security is controlled by the
capalogin shell. You should always test out your classes as soon
as you install them to make certain that your class "user" (nsc131s0
for example) uses the capalogin shell. This is very important
because the "user" (nsc131s0) is set up to log in without a password.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to READMEsecurity.txt CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / capa / capa51