[Gss-users] gss on the Internet rather than Intranet
Marcel Gagne (Free Thinker at Large)
mggagne@salmar.com
Thu, 29 Mar 2001 10:41:58 -0500
Ach, du lieber!
Sorry, Michael. I was doing a little email cleanup and it seems that I
missed this one. Mea culpa and all that.
> Thanks for the software/column. It is edifying as always. I would like to
> incorporate "Grand Salmar Station" software into my web site similarly to
> what Marcel does with
> <http://www.salmar.com/scipageswftl/controlpages/whatsnew.html> i.e. the
> whatsnew page. Ideally I could control who could post to it as a forum for
> discussion and interesting links available on the Internet. Marcel, how did
> you set up the whatsnew page, and what are some of the security (or other)
> issues with using gss on a publicly accessible web site?
I'll answer the second question first. Basically, the security issues are
the same as they are anywhere else. You have already noticed that you can
get to the scimaint admin pages just by knowing the pathname. We control
access to that through the standard Apache permissions with ".htaccess"
records. For instance, here's the one from my WFTL pages.
AuthName "WFTL Intranet: Restricted access"
AuthType Basic
AuthUserFile /usr/local/apache/.wftladminpwd
<Limit GET POST>
require valid-user
</Limit>
The AuthUserFile can be called whatever you want and exist wherever you want
on the disk. I like to keep it outside of document root on the web server.
That way, you can't just download it and look at it. Passwords are created
with the Apache "htpasswd" program. You could also create a completely
different hierarchy but that would require "tweaking" the files and modifying
the paths. If you are concerned about others accessing the admin functions,
you could do this.
On to the first question. I did that by modifying the skeleton for the
whatsnew.html page ( the one right under scipages -- the one in controlpages
is generated) and adding an SSI directive immediately after the body tag.
What the directive does is automagically include my menu into the documents
each time I add a new posting. Here's what that directive looks like.
Now, this is in the skeleton page
<body>
<!--#include virtual="/marcel/wftlmenu.insert"-->
It's just HTML text, but with the execute bit set on the file itself. This is
the so-called "XBitHack" directive and if you are curious, there's a nice
little document that covers it over at the Apache website.
http://httpd.apache.org/docs/howto/ssi.html
If you have access to your own server (and it sounds like you do), then you
can do some way cool things with SSI.
Hope that helps. Again, sorry for being so darn slow with the reply.
--
Marcel (Writer and Free Thinker at Large) Gagne
Note: This massagee wos nat speel or gramer-checkered.
Mandatory home page reference - http://www.salmar.com/marcel/
Author : Linux System Administration, A User's Guide
(due 2001 from Addison Wesley)
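
Added example (not part of the original message or of the gss software): a small audit for the two points the reply raises about ".htaccess" protection, namely that the AuthUserFile should live outside document root and that the "require" line is what actually gates access. It also flags a "require" placed inside <Limit>, because Apache then enforces it only for the methods listed there. The function name, the DOCROOT path and the second sample file are assumptions made for illustration; AuthUserFile paths are assumed to be absolute.

```python
import posixpath
import re

def audit_htaccess(text, document_root):
    """Return (line_number, finding) tuples for one .htaccess body."""
    root = posixpath.normpath(document_root)
    findings, limited_to, saw_require = [], None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Limit\s+([^>]*)>", line, re.I)
        if opened:  # <LimitExcept ...> does not match this pattern
            limited_to = opened.group(1).upper().split()
            continue
        if re.match(r"</Limit>", line, re.I):
            limited_to = None
            continue
        name, arg = (line.split(None, 1) + [""])[:2]
        name, arg = name.lower(), arg.strip().strip('"')
        if name == "authuserfile":
            path = posixpath.normpath(arg)
            if path == root or path.startswith(root + "/"):
                findings.append((lineno, "password file is inside DocumentRoot"))
        elif name == "require":
            saw_require = True
            if limited_to is not None:
                findings.append((lineno, "require applies only to " + " ".join(limited_to)))
    if not saw_require:
        findings.append((0, "no require directive found"))
    return findings

# Constructed inputs. DOCROOT is an assumed path; the message does not give one.
DOCROOT = "/usr/local/apache/htdocs"
FROM_MESSAGE = """AuthName "WFTL Intranet: Restricted access"
AuthType Basic
AuthUserFile /usr/local/apache/.wftladminpwd
<Limit GET POST>
require valid-user
</Limit>
"""
HYPOTHETICAL = """AuthType Basic
AuthUserFile /usr/local/apache/htdocs/admin/.htpasswd
Require valid-user
"""

if __name__ == "__main__":
    for label, body in (("from message", FROM_MESSAGE), ("hypothetical", HYPOTHETICAL)):
        print(label, audit_htaccess(body, DOCROOT))
```

Moving the "require" line out of the <Limit> block makes it apply to every request method.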