> Adrian: The voting CGI is fully functional except
> for encryption. If someone will write an encryption
> XCMD or HT script that I can throw into it
> it will be complete.
> MP0werd: Leave all the names and passwords in a
> directory without read or write priviledges and that
> should do it.
> Adrian: That would be fine by me. Alain, can this
> be set up?
> Alain: Of course it can, but I don't see how this
> folder setup would encrypt and/or protect our votes.
Adrian: This would simply mean that the outside world couldn't access
the passwords. You (and anyone else with access to the server) would be
able to see them. For a voting CGI, this is really all the protection
we need.
Alain: I have no objection to providing a folder that grants no one any
access priviledges.
Alain: It begs the question, though, as to why Apple's file access
priviledges are not considered secure enough for our purposes. Is there
something INsecure about using Users & Groups to control access to my
server?
> Alain: Incidentally, the Save-HyperCard-Petition
> has been running well for months now and it is in fact
> an instance of a voting-like CGI.A password protection
> scheme would be very simple to implement. I already
> have one of the latter to secure the access to my
> pedagogical web sites from students that wouldn't pay
> their fees.
Adrian: I have written the voting and password parts, I just need a
method of keeping passwords secure.
Alain: I am aware of that.
Adrian: If you mean you've had an encryption handler all this time and
didn't tell me, I will scream. This whole encryption business has
driven me insane for months.
Alain: NO, I don't have any encryption stuff. If I had, I would have
passed them along to you. Security - the really secure stuff I mean -
is a whole different ball game. Secure sockets, certificats, keys,
encryption ... It's over my head for now.
> Alain: I am almost finished my current contract. I
> will thus be completing on our collaboration
> infrastructure in the coming weeks. Voting-like web
> pages will be included for all the issues that will
> concern our group.
Adrian: This is wonderful to hear. I can't wait to finally see this new
collaboration infrastructure.
Alain: You have quite tactfully pointed out, indirectly (and perhaps
unintentionally), a credibility-gap that has bothered me for some time,
between what I propose and when I deliver.
1. I must learn to curb my enthusiasm and optimism;
2. Like everyone else, I have to work to earn my keep. Unfortunately,
this often takes precedence over projects like our own;
3. Computer stuff always takes much more time than we anticipate. I
have marginally improved my estimates over the years, but it is pretty
much as it has always been: imponderable. Just when you start getting
used to something ... out come new technologies, new versions, etc.
Got to go ... someone in the office...
Alain Farmmer
mailto:[EMAIL PROTECTED]
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
