[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ProgSoc] Whitelist perhaps?



On Thu, 11 Aug 2005 7:18 pm, Peter Anthony Brownlow wrote:
 ] In what form is the white list? DB rows? Big flat text file?
 ] I can't see adding to or removing from either being hard. Tell me where
 ] to get usernames, against what to verify progsoccers' usernames and
 ] passwords and where to shove the results and I'll do it.

 Yes.

 It's very easy to do, I'm sure.

 The problems (from a programmatic point of view) are the rights needed
 to write to the whitelist (avoidable by having symlinks to non-
 privileged files) and authenticating the user via the web front end
 (partly solvable by using https).  Some significant amount of work
 would need to be done in sanity checking the input data.

 I reckon it'd be several hours work to get something cranked up
 with PHP.

 But .. (the question remains) .. why?

 If this is purely a knee-jerk reaction, with or without the patella
 component, to the recent fug up WRT subscribing the list to that
 world scientist thing .. keep in mind that the same mindlessness
 that led to that subscription being made would apply if owner of
 said cranial cavity were faced with a web interface to allow access
 to the list.

 It took some seriously dumb activity on behalf of that *progsoc
 member* to subscribe us to that list.  Regardless of how pretty the
 web interface was that you're thinking about writing, you can't
 protect us from internal dumbness.

 Let me spell it out even more plainly.

 If someone already has a set of authentication credentials to progsoc,
 then we're stuffed -- insofar as the solution (to the unnamed problem)
 that you're proposing WILL NOT SOLVE (the problem as I see it).

 While we're talking about answers to undefined questions, come up
 with an answer to the question of how you handle ad hoc additions
 to the list when you're on a network that will happily relay your mail
 but won't let you talk http(s) at all.

 In the other hemisphere, how do we get the jobsoc posters (who are
 typically not subscribed to the list, and don't have any kind of
 authentication credentials either) access to post?

 Jedd.


-
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@xxxxxxxxxxxxxxxxxxx
If you are having trouble, ask owner-progsoc@xxxxxxxxxxxxxxxxxx for help.