Re: [htdig] using a "secure" search results .


Subject: Re: [htdig] using a "secure" search results .
From: J. op den Brouw (MSQL_User@st.hhs.nl)
Date: Wed Apr 05 2000 - 08:16:19 PDT


On Wed, 5 Apr 2000, Budd, S wrote:

> We want the index of the whole college in one data base.
> but we want two searches
> 1. returns results for only departments a,b.c web servers
> 2. returns results for only departments d,e ( where all pages are
> protected by apache configuration ) webserver

We have a Intranet site, similar to this setup.

> Is the following a good method to prevent the departments
> from viewing each others index results or is their a simpler method.
> We do not want the limit_urls_to to be in the search form as obviously
> a user could just remove this. We do not want the protected pages to appear
> in the search results.
>
> Run two versions of htsearch ( each with a different config file ) from a
> different
> cgi-bin directory which has been protected with
> an Apache authorisation set-up allowing dept a,b,c to use say htsearchabc
> and dept. d, e to use say htsearchde.
>
> the two htsearches would have default config files with
> appropriate limit_urls_to or exclude_urls set in them.

This will work. You can do it another way: write a wrapper script
that checks the REMOTE_ADDR environment variable and call htsearch
with the correct config file, or set the exclude and restrict
CGI parameters to the correct value. With the latter, you can
have one database and one config file. There are some tricky
things to take care of with these CGI parameters when you allow
user to set them via a form, so you better don't give this to users.
 

--jesse
--------------------------------------------------------------------
J. op den Brouw Johanna Westerdijkplein 75
Haagse Hogeschool 2521 EN DEN HAAG
Faculty of Engeneering Netherlands
Electrical Engeneering +31 70 4458936
-------------------- J.E.J.opdenBrouw@st.hhs.nl --------------------

Linux - because reboots are for hardware changes

------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig-unsubscribe@htdig.org
You will receive a message to confirm this.



This archive was generated by hypermail 2b28 : Wed Apr 05 2000 - 07:15:30 PDT