[Nitro] Security problems

Emmanuel Piperakis epiperak at softlab.ece.ntua.gr
Sun Nov 13 20:27:25 EST 2005

Guys thanx for the tones of replies...
It has been most helpfull. I will develop a small security system like 
Michael suggests (because that fits my needs the most)

Thanks again

> Another simple solution would be to look up by name, not number. As
> long as you don't expect project names to change often, URIs like /
> project/bills-project are far more user friendly, and make it harder
> for someone with no knowledge of a project to stumble upon it.
> This isn't real security, of course -- the other replies have covered
> that. But I appreciate that sometimes you don't really want to put
> strict access controls on something, but don't want to advertise its
> presence, either. I do this when I need to give someone a large file
> - I put it on a web server in a place where it won't be indexed, and
> give the person the URL. It wouldn't be a huge problem if someone
> found one of those files, but I'd just as soon nobody rifle through
> all my stuff. Meanwhile, I don't have to worry about creating a user,
> a password, or an ACL.
> P
>> I am not sure if this can be done already, but I would like the
>> path to be
>> hidden. I would like to show only the main page URI. I think it is a
>> security problem if a user sees things like http://myhost.com/
>> project/1
>> The users might type /2 by himself...
> _______________________________________________
> Nitro-general mailing list
> Nitro-general at rubyforge.org
> http://rubyforge.org/mailman/listinfo/nitro-general

Emmanouil Piperakis (epiperak at cs.ntua.gr)
{To explore is Human, to Create is Devine,
  To teach is Primal, to Rule is Sin}

More information about the Nitro-general mailing list