On 29 Mar 2014, at 00:36, "Marc, LX1DUC" lx1duc@laru.lu wrote:
On 28/03/2014 22:55, Chris wrote:
This is not a bug, this is intentional. I have been re-writing sections of the portal to enhance security following several hacking attempts. One insecure script I found when I audited the system was the getdata.php script. It has been re-written to be secure. You should not have been able to access the encap file directly from it in the first place; that kind of access was never documented, nor was it ever intended to be used like that.
Good idea, but it has serious side effects. You shouldn't make such drastic changes to services that are used by the community, even for the sake of security. The very least would be to announce such a change to this mailing list, so that SysOps can adapt their tools, before the users experience unreachable networks. It upsets people if you proceed like you did, people will complain loudly which probably doesn't
As I said, that script was never documented as being accessible in that fashion, it was just a link from a page a human had to log into. If anyone has decided to link scripts into internal pages without even advising me that they were doing so then they run the risk that things can, and probably will, change.
The correct way to access the encap file remotely by script, is via FTP. I have had a couple of people asking about an API which I may introduce at a later stage, but for now you should access the encap file via FTP.
Good point. BUT I cannot find the URL to the FTP anywhere on the portal, indeed the portal only provides a link to https://portal.ampr.org/getdata.php
The FTP details have never officially been published as far as I am aware, they have been passed from one OM to another. Again I believe this to be intentional, although security through obscurity is never a great idea IMHO.
The FTP site is ftp.ampr-gateways.org
The username and password I am happy to divulge privately to any genuine radio amateur that emails me.
73 Chris G1FEF
So I went on and checked the http://wiki.ampr.org, no link can be found to the FTP server.
There is no encap file on ftp://hamradio.ucsd.edu/pub/ either.
Google returns http://www.qsl.net/kb9mwr/wapr/tcpip/encap.txt, file date is 2006/05/28 22:00:21
I would be glad if someone could point me to a current encap.txt file. (The version on the portal seemed to be generated on request... let's see how current the FTP version will be...)
73 de Marc

44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net