Re: [htdig] htsearch and user access


Nathaniel Irons (irons@espresso.hampshire.edu)
Sat, 1 May 1999 14:45:31 -0700


On 5/1/99 at 2:33 PM, tneuer@inwise.de (Torsten Neuer) wrote:

> Instead of parsing the output, generate a dynamic search frontend using
> the user's id to create hidden "restrict" and/or "exclude" input fields
> for htdearch.

But if the data is interesting, and/or the users are relatively adept, I don't
see any reason not to expect them to create their own query strings. It'll be
trivial if all they have to do is remove an argument or two to htsearch.

Slightly safer would be adding required keywords to each successive level of
access, so gaining higher levels of access would require additional knowledge.
Safer still would be building separate databases around significant shifts in
access privileges, and using the user's id to generate pointers to entirely
different configuration files, whose location you could easily randomize every
so often. It depends on how secure you need to be.

  -nat

------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig@htdig.org containing the single word "unsubscribe" in
the SUBJECT of the message.



This archive was generated by hypermail 2.0b3 on Sat May 01 1999 - 14:59:16 PDT