webinterface for mgetty+sendfax+...

Frank D. Cringle (fdc@cliwe.ping.de)
25 May 1997 17:46:22 +0200
Messages sorted by:[ date ][ thread ][ subject ][ author ]
neko@greenie.muc.de (Simone Demmel) writes:
>Frank D. Cringle wrote:
>> neko@greenie.muc.de (Simone Demmel) writes:
>> > [ wants a web interface to view faxes ]
>> Here is a quick and dirty solution for those blessed with suitable
>> free software (apache on the server-side, viewfax on the
>> client-side).
>
> [...]
>The point I'm not so happy about with this is: Security. How to avoid
>people reading your private faxes. Ok, you have .htaccess - but after
>that?

I think we can distinguish several levels of security.

1. Just playing around on a single-user, stand-alone system (what I
 am doing here): no security required.

2. Providing remote access to a home machine on which local users are
 all trusted: .htaccess should be sufficient (faxes are mode 644 so
 the web-server can read them).

3. If local users are not trusted, a suid-cgi becomes necessary. It
 does not have to do much - just read and spit out the file with the
 appropriate mime-header.

4. If multiple non-trusted remote users are to have access to "their"
 faxes you first have to solve the perennial fax-classification
 problem - who does this fax that just arrived belong to? Then you
 can put them in different directories with .htaccess protection.

SSL is orthogonal to all this. My simple configuration works fine
when accessing https://localhost/fax/ on a server with
SERVER_SOFTWARE = Apache/1.2b10 Ben-SSL/1.6

-- 
Frank Cringle, fdc@cliwe.ping.de
voice: (+49 2304) 467101; fax: 943357
.