Re: [htdig] Search engine for private page


Subject: Re: [htdig] Search engine for private page
From: Gilles Detillieux (grdetil@scrc.umanitoba.ca)
Date: Mon Oct 30 2000 - 13:07:52 PST


According to Knut A. Syed:
> Gilles Detillieux <grdetil@scrc.umanitoba.ca> writes:
> > Using a symbolic link to htsearch doesn't secure anything because
> > the link to the binary won't change the CONFIG_DIR setting that
> > the binary uses, so you're still relying on keeping the config file
> > name secret. If you don't want to compile two htsearch binaries with
> > different CONFIG_DIR settings, you can use a simple wrapper script for the
> > secure htsearch.pr, which sets the CONFIG_DIR environment variable to the
> > secure configuration directory. This environment variable overrides the
> > compiled-in setting specified by the make-file variable of the same name.
>
> How about modifying htsearch to automatically use CONFIG_DIR based on
> the name of the executed binary?
>
> Then you can make symlinks to htsearch with different names and
> web-access/protection, and htsearch will choose the configuration
> automatically.
>
> F.ex. the symlink htsearch-internal (pointing to htsearch) can be
> protected and accessed as
> http://www.example.com/cgi-bin/htsearch-internal, automatically using
> htsearch-internal as CONFIG_DIR. Accessing htsearch directly will not
> work (unless you have a CONFIG_DIR named htsearch).

While your suggestion has merit, and would be quite easy to implement,
I don't think it would be a good idea to make it a standard part of the
distribution. You touched on the reason for this in your last sentence.
This scheme would introduce restrictions on the CONFIG_DIR name that
are not part of the current set of defaults, so it would likely break
a large number of installed sites.

However, if you need this feature on your own site, it's really simple
to add. Just find the following line in htsearch/htsearch.cc:

            configFile = CONFIG_DIR;

and add this after it:

            configDir = strrchr(av[0], '/');
            if (configDir)
                configFile << configDir;

This will append the program name to the compiled-in CONFIG_DIR value,
as a subdirectory of it.

-- 
Gilles R. Detillieux              E-mail: <grdetil@scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930
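
The following is an added example, not part of the original message or the ht://Dig source: a stand-alone C++ version of the argv[0]-based lookup discussed above, which also handles an argv[0] without a slash and refuses names that would leave the base directory. The helper name `configDirFor` and the base path `/etc/htdig` are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical helper (not from htsearch.cc): derive a per-program
// configuration directory from argv[0], as a subdirectory of `base`.
// Returns an empty string when no safe name can be derived, so the
// caller can refuse to run instead of silently using another config.
std::string configDirFor(const char *argv0, const std::string &base)
{
    if (argv0 == nullptr)
        return "";

    // Take the part after the last '/', or all of argv0 if there is none.
    const char *slash = std::strrchr(argv0, '/');
    std::string name = slash ? slash + 1 : argv0;

    // Reject empty names and "." / ".." so the result stays under base.
    if (name.empty() || name == "." || name == "..")
        return "";

    // Allow only a conservative character set in the directory name.
    for (unsigned char c : name)
        if (!std::isalnum(c) && c != '-' && c != '_' && c != '.')
            return "";

    return base + "/" + name;
}

int main(int argc, char **argv)
{
    // "/etc/htdig" is a constructed base path standing in for CONFIG_DIR.
    std::string dir = configDirFor(argc > 0 ? argv[0] : nullptr, "/etc/htdig");
    if (dir.empty()) {
        std::cerr << "cannot derive configuration directory\n";
        return 1;
    }
    std::cout << dir << "\n";
    return 0;
}
```

Failing closed on an unusable name matters here because the protected symlink and the public binary share one executable; falling back to the base directory would hand the protected URL the default configuration.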




This archive was generated by hypermail 2b28 : Mon Oct 30 2000 - 13:13:59 PST