Annotation of capa/capa51/READMEsecurity.txt, revision 1.1

1.1     ! albertel    1: 
        !             2: 
        !             3: 
        !             4: 				CAPA SECURITY
        !             5: 
        !             6: 
        !             7: Please follow the instructions as they are given in the README.txt (UPGRADE.txt)
        !             8: file.  There are security reasons why CAPA is installed the way that it is.  
        !             9: 
        !            10: 1.)  Protecting your problem code.
        !            11: 	The README.txt file directs you to create a demolibrary folder 
        !            12: 	which contains symbolic links to the CAPA problem Graphics and 
        !            13: 	Links.  Later, you are directed to make an alias for /demolibrary 
        !            14: 	for the web server using Public/demolibrary.  This is done so 
        !            15: 	that the webserver can see only the Graphics and Links.  
        !            16: 	If you point your browser to http://your.machine/demolibrary/ you 
        !            17: 	can access the Graphics and Links without going through any CAPA 
        !            18: 	security.  If the webserver is aliased to the real demolibrary 
        !            19: 	instead of the Public/demolibrary, anyone (including your students) 
        !            20: 	can access the problem code.  This is highly undesirable and can
        !            21: 	potentially render your CAPA problems useless.  For example, someone
        !            22: 	with your problem code could build their own set with their own
        !            23: 	CAPA software and generate answers for themselves and countless
        !            24: 	others.   
        !            25: 	
        !            26: 	Protecting your problems has become particularly important now 
        !            27: 	that CAPA has become free software.  If you add any other libraries 
        !            28: 	to your system, they also MUST have a Public version of the library 
        !            29: 	that the webserver can use.  The CAPA problems (including the 
        !            30: 	demolibrary) are copyrighted by the author, institution, etc. and 
        !            31: 	can NOT be freely distributed.  
        !            32: 	
        !            33: 	To check if your CAPA libraries are properly installed, point your 
        !            34: 	browser to http://your.machine/CAPAlibrary/.  You should only be able 
        !            35: 	to see the Graphics and Links directories.  If your webserver is not 
        !            36: 	set up for indexing (i.e. you cannot see the directories in your web 
        !            37: 	browser), you can try accessing a problem code file from the web by 
        !            38: 	pointing your browser to 
        !            39: 	http://your.machine/CAPAlibrary/problem-type/problemCode.txt  
        !            40: 	If you can access such a file, then you need to make a Public version 
        !            41: 	of your library and alias this version in your webserver's srm.conf 
        !            42: 	file.  
        !            43: 
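The browser check in section 1 can be complemented by a check on the server's filesystem. The shell functions below are an added example, not part of CAPA or its README: they look up where an srm.conf Alias line points and list anything other than Graphics and Links in that directory. The function names, the srm.good.conf and srm.bad.conf files and the sample layout are constructed for illustration, and Alias lines are assumed to use unquoted paths.

```shell
#!/bin/sh
# Added example (not CAPA code): audit what a web alias for a library exposes.

# alias_target CONF URLPATH: print the directory an Alias line maps URLPATH to.
# Assumption: one directive per line, unquoted paths without spaces.
alias_target() {
    awk -v url="$2" 'tolower($1) == "alias" && ($2 == url || $2 == url "/") { print $3; exit }' "$1"
}

# audit_public_library DIR: list every entry other than Graphics and Links.
# Returns 0 if clean, 1 if anything else is exposed, 2 if DIR is missing.
audit_public_library() {
    dir=${1%/}
    [ -d "$dir" ] || { echo "missing: $1" >&2; return 2; }
    bad=0
    for entry in "$dir"/* "$dir"/.[!.]* "$dir"/..?*; do
        # Unmatched globs stay literal; skip them but keep dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case $name in
            Graphics|Links)
                [ -d "$entry" ] || { echo "not a directory: $name"; bad=1; } ;;
            *)
                echo "exposed: $name"; bad=1 ;;
        esac
    done
    return "$bad"
}

# build_sample ROOT: constructed layout for trying the audit. It creates a real
# library, its Public version (symlinks only), and two srm.conf files: one
# aliased to the Public version, one aliased to the real library.
build_sample() {
    mkdir -p "$1/demolibrary/Graphics" "$1/demolibrary/Links" \
             "$1/demolibrary/problem-type" "$1/Public/demolibrary"
    echo "constructed problem code" > "$1/demolibrary/problem-type/problemCode.txt"
    ln -s "$1/demolibrary/Graphics" "$1/Public/demolibrary/Graphics"
    ln -s "$1/demolibrary/Links" "$1/Public/demolibrary/Links"
    echo "Alias /demolibrary $1/Public/demolibrary" > "$1/srm.good.conf"
    echo "Alias /demolibrary $1/demolibrary" > "$1/srm.bad.conf"
}
```

On a real server, pass the actual srm.conf and the library's URL path to alias_target and feed the result to audit_public_library; any "exposed:" line means the alias needs to point at a Public version instead.
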
        !            44: 2.)  Protecting Web Access
        !            45: 	If you follow the steps above to protect your libraries, then the 
        !            46: 	rest of your CAPA code (set.qz files, etc.) is protected by the 
        !            47: 	capasbin program, which has built-in security.
        !            48: 
        !            49: 3.)  Protecting Telnet Access
        !            50: 	If you use the telnet interface, security is controlled by the 
        !            51: 	capalogin shell.  You should always test out your classes as soon 
        !            52: 	as you install them to make certain that your class "user" (nsc131s0 
        !            53: 	for example) uses the capalogin shell.  This is very important 
        !            54: 	because the "user" (nsc131s0) is set up to log in without a password. 
        !            55: 
        !            56:  
