Re: Loging in to mike

[droege@snapmail.us]

In answer to the question below:

The goal is to provide a play pen where visitors with ideas can come and
play with data sets that are too hard to move to their own play area.

I am getting set up to put 100,000 8Mbyte images on the system.  One might
come to the system and write a program to search through the images and
find a set to use to perform a particular test.  If it is small, I am
willing to write it to DVD and mail it out.  Most likely it will be more
efficient to process it on the machine and only transmit the result.

The out bandwidth is ADSL, I think 150Kb.  I worry that someone might try
to use the machine to attack other machines.

One solution is for me to set up accounts for those that ask for them. 
Mostly I know (through many years of posts) all that might want to work
here.  Then I will just remove the public use (worker) sign in.

It will be a week or two before the problem needs to be solved.  But I
would like to do it right the first time.

Tom Droege

> On Tue, 19 Oct 2004 04:13 am, Ron Wickersham wrote:
>> hi All,
>>
>> the issue of publishing logins (including passwords) serves the purpose
>> of giving wide access to the file.
>
> yes true, but giving even a non-privileged account to an undesirable is
> one
> step closer to having to rebuild your system :-(
>
>>
>> wouldn't our goal of wide distribution be served by linking the
>> directories
>> to apache?  this way the (normally accceptable) security of apache to
>> serve files makes the security issue go away.   after all, the worker
>> user is not granted write privileges anyway.
>>
>
> Yes, that'd be the ideal.  I'm not sure of what the goal is here.  There
> are
> usually several ways of doing things :-)
>
> -goc-
>
>
>