Re: [44net] Can't add redundant AMPR gateway to portal

29 Mar 2014

...
  On 29 Mar 2014, at 00:36, "Marc, LX1DUC"
&lt;lx1duc(a)laru.lu&gt; wrote:

 (Please trim inclusions from previous messages)
 _______________________________________________
  On 28/03/2014 22:55, Chris wrote:
 This is not a bug, this is intentional. I have been re-writing sections of the portal to
enhance security following several hacking attempts. One insecure script I found when I
audited the system was the getdata.php script. It has been re-written to be secure, You
should not have been able to access the encap file directly from it in the first place,
that kind of access was never documented, nor was it ever intended to be used like that.

 Good idea, but it has serious side effects. You shouldn't make such
 drastic changes to services that are used by the community, even for the
 sake of security. The very least would be to announce such a change to
 this mailing list, so that SysOps can adapt their tools, before the
 users experience unreachable networks. It upsets people if you proceed
 like you did, people will complain loudly which probably doesn't 
As I said, that script was never documented as being accessible in that fashion, it was
just a link from a page a human had to log into. If anyone has decided to link scripts
into internal pages without even advising me that they were doing so then they run the
risk that things can, and probably will, change.

...
   The correct
way to access the encap file remotely by script, is via FTP. I have had a couple of people
asking about an API which I may introduce at a later stage, but for now you should access
the encap file via FTP.  
 Good point. BUT I cannot find the URL to the FTP anywhere on the portal,
 indeed the portal only provides a link to
 https://portal.ampr.org/getdata.php 
The FTP details have never officially been published as far as I am aware, they have been
passed from one OM to another. Again I believe this to be intentional, although security
through obscurity is never a great idea IMHO.

The FTP site is ftp.ampr-gateways.org

The username and password I am happy to divulge privately to any genuine radio amateur
that emails me.

73
Chris
G1FEF

...
  So I went on and checked the http://wiki.ampr.org, no
link can be found
 to the FTP server.

 There is no encap file on ftp://hamradio.ucsd.edu/pub/ either.

 Google returns http://www.qsl.net/kb9mwr/wapr/tcpip/encap.txt, file date
 is 2006/05/28 22:00:21

 I would be glad if someone could point me to a current encap.txt file.
 (The version on the portal seemed to be generated on request... let's
 see how current the FTP version will be...)

 73 de Marc
 _________________________________________
 44Net mailing list
 44Net(a)hamradio.ucsd.edu
 http://hamradio.ucsd.edu/mailman/listinfo/44net 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Re: [44net] Can't add redundant AMPR gateway to portal