SMS scnews item created by Paul Szabo at Wed 4 Jul 2007 1325
Type: Info
Modified: Wed 25 Jul 2007 0727; Tue 4 Apr 2017 1229; Thu 27 Jul 2017 0830
Distribution: World

Unikey/WASM login and /loc/ objects

Changed, new: access as /uni/. You may want to use this to avoid issues
of newly enrolled students not having access for a day or two while
their enrolments details trickle down to us from SydneyStudent, or for
past students doing supplementary exams out-of-semester. Beware however
that this provides less protection than /loc/ does.


Many web pages are accessible to anyone in the world. Sometimes it makes
sense to restrict access, and some of our webpages are only accessible
"internally" or via Unikey (WASM) login when accessed from "outside"
(and some are not accessible to undergrads even when inside).

Lecturers may make web material available to students, in a way that
would not be accessible to the world (e.g. when you are concerned with
intellectual rights).

There are three (or four?) levels of access you can specify for a web

/staff/ - restricted to Maths staff and/or postgrads honours etc, but
   not accessible to undergrads (similar to who can access tutsols).

/loc/ - restricted to Maths people, whether undergrads or staff:
   accessible to Maths undergrad students currently doing some (any)
   Maths course or subject, and/or to Maths staff/postgrad/honours/etc.
   (This is the "traditional" way of restricting access.)

/uni/ - restricted to University people with Unikey, allowing access
   to all staff and students, whether related to Maths or not.

The fourth level is the "open to the world" of all other pages.

To do this (example for /loc/): place the web page within a directory
named "loc", so the path (or URL) becomes something/loc/something; the
"loc" directory, short for "local", may appear anywhere within the path.
Then any web access will require an identified, logged-in, Maths user:
automatically provided for "internal" access, and to use WASM login when
fetched from outside.
For /staff/ or /uni/, create a directory named staff or uni, instead.
Note that WASM may let the user in, without a further Unikey and
password prompt, when already logged in to any other WASM service e.g.
to myUni or LMS/Blackboard.

See also,
noting that this applies to all web objects, not just personal pages.

(I understood some people used WebCT solely for the "security" it
provided: you can have the same effect with "loc" and WASM.)


Note for developers/owners of /ub/ CGI scripts: I now pass an HTTP
header of the form "SMS-User: psz" to /loc/ things within /ub; the
script will see this as the environment variable HTTP_SMS_USER:
 - SMS-User is added to /loc/ or /staff/ things only, not other scripts
   (e.g. not to /uni/ things)
 - the script should verify that it is talking to siv (refuse otherwise;
   though the webserver on rome is configured to only accept connections
   from siv)


If you are registered you may mark the scnews item as read.
School members may try to .