SLAC
WWW-Tech Mtg
2/4/98SLAC
WWW-Tech Mtg
2/4/98Attendees: Tony Johnson, Les Cottrell, John Halperin, Joan Winters, Dennis Wisinski, Bebo White, Paul Raines, Charlotte Hee, Andy Hanuschevsky, George Crane, Ruth Mcdunn, Jennifer Masek, Steve Meyer, Walter Kaye
Agenda:
The logs will continue to be kept on NFS. there will be a TRS (Token Renewal Service) job that will copy the files across to AFS at regular intervals. the security/privacy concerns are minimal but may need reviewing by the Computer Security Committee.
Charlotte raised problems with non-transparency (for example with links, or accessing Frontpage extensions) when editing pages using the Netscape server. Frontpage knows that when you ask to save the file it sends a message to the server to request the file be updated. The Frontpage application makes sure that you cannot change pages that you are not authorized to change. Bebo wants to delay adding the Frontpage extensions to the Netscape server until he has the Netscape server in production. For some page sets it may be necessary to allow to be changed only from Frontpage due to conflicts in the way access is treated in Frontpage and the AFS file system. John raised the question of how getting Frontpage extensions and support relates in priority compared to having a secure server. This is covered below.
Tony has it up and running for Solaris and AIX 4 (Netscape 4 is not available for AIX prior to release 4). He will also load the SunOS version. It was more complicated to install than the old version. It will still be called Netscape (initially Netscape-new). It includes the full set of functions (communicator, collabra etc.). The question was raised as to whether we need the front end wrapper that turns off Java and JavaScript. This issue needs to be resolved with Bob Cowles. Tony will talk to Bob. Another issue is who will take over supporting Netscape on Unix. Tony never uses it on Unix and so will not be a good resource for questions, and also has little motivation to support it. There have been no volunteers. Tony agreed to continue support but it will only be slow, and if people want more support, they may need to volunteer. It would be good if somebody else took over support. Tony will modify the Web Browsers at SLAC page to indicate that Netscape and Lynx are supported and Mosaic is NOT supported.
The file versus page space mapping has been completed. The next major problem is to tackle some CGI problems. In particular this includes access to RXSQL which is not available for Solaris yet. The author of RXSQL is reported to be working on porting it to Solaris. Bebo will be notifying the owners of scripts called by cgi-wrap that they will need to be tested on the new server.
Steve Meyer has a large number of scripts that use RXSQL that will probably need to stay on the old server. Thus he wants an alias for the old server that will be maintained so it will continue to work. The migration schedule is aimed at having the new production service at the end of March.
Bob Cowles has ordered a certificate from Verisign, it should arrive soon.
BaBar have several pages that use the CERN directory password protection. It gives a single user/password for each page. However, it is almost impossible to maintain properly since multiple users know the single user/password for a page. The Stanford/AFS mechanism would be much more desirable however, it is not generally supported. We will defer further discussion until we have SSL running with the new server so we can compare possible ways to address security.
Dennis has been looking at how to set up the Web/NT file space to provide appropriate security that has the right granularity, is manageable (e.g. the administration can be delegated), works in an intuitive fashion, provides an appropriate level of security/privacy, and interworks well between Frontpage and the NT file system. He has run into problems, which he has not understood yet. In some ways it looks as if FrontPage is not a viable option, but it is probably the best WYSIWYG editor for Web pages. Work-arounds also appear to have problems (e.g. relative URLs of links get messed up).
Joan wants to put up another virtual NT server in the series www2, www-user, www-group ... The new server is for Lab wide projects (e.g. NLC, ILC). She proposed the names www-program or www-project. If there are a lot of these and they all use a separate IP address then we may run out of IP addresses. They may typically be used for Project was felt to be more general/flexible than program.