|
|
| Author |
Message |
janc
|
|
Web Newuser Applications
| 
Jun 11 20:00 UTC 1995 |
Like others, I think the future is the World-Wide Web (though I certainly hope
it gets better). So I've been thinking about how Grex can get more web
friendly.
I think a good place to start would be a Web-Newuser program. This would
be a web-accessible form you could fill out to create a Grex account. It
seems like it would be a nice thing, and easy to implement.
To give an idea of what this would be like, I've set up a non-functional demo
page. It simply displays a Web version of an account application form. You
needn't bother pressing the [SUBMIT] button, because all it will do is give
you error messages. The page is not connected to anything.
To try it do:
lynx http://cyberspace.org/~janc/nu.html
Or, if you have access to a real web browser, like mosaic or netscape, the
same URL will work.
To make this work, we need to implement a CGI interface program which would
recieve the account application, and check it for sanity. If it doesn't make
sense, it would output (in HTML form) a page saying "sorry the login name
"root" is taken. Click here for a list of used login names, or click "here"
to return to the account application form." or something like that. If the
application is OK, it would immediately create the account, then output a page
welcoming the user to Grex and saying, "click here to telnet in".
I think the programming side of this would be reasonably simple, though I have
never done any CGI stuff, and I have heard there are security problems with
CGI. But nearly all the code could be stripped from the existing newuser
program.
I'd be somewhat interested in doing this, but first I wanted to hear what
people would think about such a project, and what the potential problems would
be.
|
| 15 responses total. |
steve
|
|
response 1 of 15:
|
Jun 11 20:41 UTC 1995 |
A Neat Idea, Jan. I thnk its a great thing to do. I know that the
CGI stuff needs to be worked on, but this is another reason to do it.
|
robh
|
|
response 2 of 15:
|
Jun 11 21:33 UTC 1995 |
AHEM!!!
Would someone please explain to me why, on a World Wide Web
interface to create Grex accounts, the Lynx shell isn't even listed
as an option???
I mean, you'd think that *maybe* someone using the Web to get here
would consider using it...
(My baby is being insulted, *sniff* >8)
|
robh
|
|
response 3 of 15:
|
Jun 11 21:57 UTC 1995 |
(Oops, almost forgot, I love the idea and would offer to help if I'd
had a chance to learn CGI, but since we don't have it here, I haven't.
Yet.)
|
janc
|
|
response 4 of 15:
|
Jun 11 23:00 UTC 1995 |
I put together the options on my sample form from memory. I didn't remember
lynx. I still don't remember lynx. But it is really easy to add things
to this.
There, I added it.
To learn about CGI look at http://hoohoo.ncsa.uiuc.edu/cgi/overview.html
It doesn't seem to be very complicated.
|
janc
|
|
response 5 of 15:
|
Jun 12 00:47 UTC 1995 |
If I work on this, I would need
(soon):
- a copy of Grex newuser source. I'd want to use as much of the same
code as the regular newuser program as possible. Namely a lot.
(before long):
- CGI installed on Grex. Robh says it isn't, but it is standard NCSA
stuff and should be be straight-forward to install. Still, it would
presumably take a root to do it.
- access to the cgi-bin directory. All CGI programs normally have to
be installed in cgi-bin, which users normally can't access, for very
good security reasons. I'd need to be able to install stuff there to
test it.
- a friendly root. Once it is debugged, the thing is going to have to be
suid-root to actually work. (All the really critical code will be
lifted unchanged from newuser, so there should be little risk).
- a friendly webmaster. Once it works, the Grex web Page needs to point
to it.
I've reviewed what the NCSA documentation has to say about CGI security,
and I see no problems there. To quote their manual, "This is not rocket
science."
|
srw
|
|
response 6 of 15:
|
Jun 12 07:02 UTC 1995 |
Jan, I think I like this idea too. I am root and webmaster and friendly.
However, we would want to give all of the staff a chance to discuss
this among themselves at the next staff meeting. CGI should be available
on Grex in my opinion, but we turned it off due to Marcus's concerns.
We did have a security hole when we were letting users write CGI scripts.
I doubt we'll see that again unless we come up with a clever patch for our
http server. Your idea doesn't require anything fancy, IMO.
I am led to ask, though, what would be the advantages of offering this
service? Our current welcoming page gives you a telnet link. The
only difference would be that now you could hold off on telnetting
until you created your account.
|
janc
|
|
response 7 of 15:
|
Jun 12 17:32 UTC 1995 |
First I agree that with the current state of the art on CGI, you *can not*
let users write scripts. However, if written with a modicum of care, staff
installed scripts are perfectly safe.
Why this is desirable: I see it first and foremost as simply a friendlier
and simpler newuser interface. For anyone familiar with the web, it is
much simpler to fill out a standard web form then to run an unfamiliar
program like newuser. For example, they can edit their answers easily using
the usual methods their browser support. I think Grex needs to do everything
they can to make the system as approachable as possible by as many people
as possible. It's not that newuser has a bad interface, but as more and more
people travel the web, it is more and more the the standard interface that
people understand. so if we can make that critical first step into Grex
more familiar to an important segment of our users, it is worth doing.
Also, a lot of the talk about "What is an interupt character" that appears
in the current newuser can be pulled up with a "click here for more
information about interupt characters." Thus, not every newuser has to sit
through pages of text explaining things they already know. They can very
easily ask for what they need. As anyone who has worked on newuser knows,
one has to make hard choices about how much you tell the user. Too little
talk, and he is confused and likely to give up. Too much talk, and you are
likely to overwhelm him with information he already knows or doesn't care
about. The hypertext interface of the Web allows us to break out of that
bind. If we design the page well, the user can ask for as much information
as he need or wants, can skim or read as he likes, and can process it in any
order he likes.
Second, I see it as a sensible first step in a direction that I think is
important to Grex's long range growth. As STeve has said elsewhere, the
Web, or its decendents, is the future of the Internet. If Grex is going to
stay on the leading edge of our business, we must dive into the Web. To
do this, we must start making more of our services available over the Web.
I'd eventually like to see a Web interface to PicoSpan. To do something
that would let people have read-only access to items would be simple enough.
But to do a really nice Web-PicoSpan we need to be able to identify the
person so we can attach a name to his responses, and maintain .cf files
for him. I understand some web servers support user authentication so that
a person has to sign on and give a password to access some functions. I
haven't investigated this enough to know how good it is right now, but it
is obviously a capability that is going to become available on the web, if
it isn't there already. Once we have that, we can have a person log on by
giving login and password on a web page, then enter PicoSpan, with input and
output filtered through CGI. Doing this well would probably be pretty hard,
but the result would probably be the best conferencing system on the net.
Combining the power and logical structuring of PicoSpan with a standard
point and click interface, while retaining the full regular interface for
power users, would blow away anything else I've seen on the net. This
isn't going to happen soon, and I'm probably not going to build it, but
being able to create accounts on the Web is a good first step to being able
to use them.
Finally, hey, it's a cool thing. How many web pages are there on the net
where you can fill out a form and instantly have an account on a Unix system?
I promise, a stunner like that is going to make a lot of hot-lists around
the Web, and attract a lot of new users.
|
selena
|
|
response 8 of 15:
|
Jun 13 00:45 UTC 1995 |
But, if this is the only netscapable thing on grex, aren't the newusers
likely
to be very dissapointed with grex, after that flashy an entrance?
|
janc
|
|
response 9 of 15:
|
Jun 13 01:04 UTC 1995 |
Hey, you gotta start somewhere. We can't say "Gee, we better not improve
this part of the system, because it will be too much better than the rest of
the system."
And in any case, this is not a hard thing to program. I doubt if it will take
me as long as 8 hours to put together a solid version. There's likely going
to be a lot more time fiddling with the text and formatting of the page
itself, but that doesn't take any genius. Just about any computer literate
person can figure out how to do that part. It doesn't place any big demand
on any Grex resource.
|
danr
|
|
response 10 of 15:
|
Jun 13 02:38 UTC 1995 |
I'm with Jan on this. I've said for a long time, that Grex needs an update.
|
remmers
|
|
response 11 of 15:
|
Jun 13 07:40 UTC 1995 |
Go for it.
|
janc
|
|
response 12 of 15:
|
Jun 13 15:55 UTC 1995 |
Hmmm...went browsing through an older copy of newuser. It would be easy
enough to pull the code I need, but it would be hard to modify the regular
newuser so the two could cleanly share common .c files. My plan would
probably be to leave newuser untouched and just lift code from it for the
web version. This is not so great for future maintainance, since a lot of
code would be duplicated between the two, so you'd have to do each bug fix
to the adduser and sanity checking parts twice.
|
marcvh
|
|
response 13 of 15:
|
Jun 18 14:35 UTC 1995 |
ObPeeve: Never say "click here" in HTML.
This seems like a reasonable idea, and for people familiar with Web stuff
(a lot of them) the interface is easier to use. I'd encourage you to
use a method of POST in the real implementation for security and sanity
reasons.
|
dpc
|
|
response 14 of 15:
|
Jun 18 15:09 UTC 1995 |
I like janc's idea a lot!! I've also been worried about the oncoming
obsolescence of text-based systems.
|
janc
|
|
response 15 of 15:
|
Jun 19 02:48 UTC 1995 |
(I agree that "click here" suxs, but in describing what it would be like off
the web it is a clear way of stating it.)
|