A Day Late

A few weeks ago I was attending the quarterly webmasters meeting at BYU. There was a discussion about getting a group of people from across campus together to form an XML advisory group of sorts. I wasn’t exactly sure what the focus or purpose of the group was, but it sounded interesting so I raised my hand along with several others when they asked who would be interested in participating in such a group. The next question was, who would like to be the head of the group? I wasn’t about to volunteer for that, so I sat silently…much like everyone else who raised their hand to the previous question. After a few moments of awkward silence someone volunteered that Jeff (me) should probably head the group since I also serve on the university web advisory board. That’s when I knew I was in trouble, a few seconds later it was all over and I was the head of the group.

I was a little nervous about this decision for a few reasons. For one thing I’m short staffed right now and my workload has been backed up for months and I wasn’t sure I would have enough time to devote to the group (I’m still not). Second, I didn’t have a clear idea of what the purpose of the group was. All I knew was it had something to do with the use of XML across campus.

After asking around a bit I discovered the idea behind the group was to look at designing some XML standards for campus to share news releases and other information which could be valuable as a shared resource. After some discussion on the group email list I believe the best way to go is to look at implementing widely adopted XML standards already in use, as opposed to creating our own. RSS or ATOM could be used for press releases. I’ve started thinking about other ways we could use XML. Sharing calendar information for example. I’m not sure if there is already a calendar XML standard, but it’s worth looking into. Anyway, it looks like my hobby interest in XML might have to grow a little. If anyone is aware of good XML resources or has some good ideas about how it could be used on campus, let me know.

I was looking at the weblog and noticed the server has been up for over 300 days now. Not bad considering it’s sitting in a basement, hooked to a DSL modem with a simple battery backup. I’m running the stable version of Debian on the server and I have to say I’m impressed. Haven’t had to reboot it once in almost a year. Incidentally I was just looking at the cisco DSL modem and it has an uptime of 312 days. That’s reliability.

I’ve been working on a problem at work for almost 7 hours and I’m no closer to finding a solution. I’d give up if I wasn’t sure someone else has had the same problem. Here’s what’s going on. On our server we use coldfusion and use application security throughout our site. When someone logs in to our site we set various cookies and session variables. On pages that require security we check for the proper credentials and then load the page. If the proper credentials are not found the user is redirected to the login page. However, that approach only provides security for files coldfusion recognizes (CFM and CFC files). PDF, word document files are available for anyone to see.

This hasn’t really been a problem until recently. We allow all employees a certain amount of web space to post files and other documents in their own web folders. On numerous occasions we’ve told them NOT to upload files with information that should remain confidential. Apparently that’s not working because they keep doing it. The problem is, most of the files they upload are word documents, pdf’s, etc which cannot be put under our coldfusion application security.

I figured a good solution would be to implement directory security on those folders and require basic authentication. This would authorization to access any file. I want to create a single username on the server with access to that folder. When a user logs in to our site, throught the coldfusion mechanism, we also do a transparent login using this special username and password using Basic Authentication. Problem is I can find NO way to do this. I thought I could manipulate the authentication-info header but that doesn’t seem to be working. I’m having a hard time believing it’s not possible to have application security AND directory security. If only I could use mod_rewrite I wouldn’t have to worry about directory security, but sadly this is a Microsoft IIS server. If I haven’t figured this out in the next half hour I might have to beat my head against my desk.

I upgraded my Wordpress installation to version 1.5 yesterday. The whole process took about 5 minutes. I decided to stick with the “default theme” and I have to say I’m pretty pleased with it. I added a graphic to the header and I’m thinking about creating a rotating header graphic. I’ve also spent a little time customizing the left menu. I haven’t added my Amazon.com wishlist back to the sidebar and I don’t think I will. There’s already too much clutter on the left sidebar as it is. Instead, I think I’ll try and create a seperate page for the wishlist. Wordpress 1.5 allows you to create pages, just like posts, but you can’t use php scripts in the page so I’m going to have to figure out a way to pull and display my wishlist and still stay in the weblog template. Should be fun.