[CWB] Public Access to CWB

Hardie, Andrew a.hardie at lancaster.ac.uk
Sun Oct 19 21:37:46 CEST 2014


If you have a CQPweb version >= 3.1 then access is no longer controlled by htaccess. It's done by a secure login instead. BUT it is possible for people to create their own accounts on the system. If all your corpora are on lowest security (access granted to "everybody") then anyone who creates an account will get access to all of them.

I have not looked in detail yet at the issue of having a server accessible without login under the new system. I do know that unprotected servers are vulnerable to automated blog-comment spam - if spam is submitted to the User Macro system, it gets loaded to CQP every time, which makes queries impossible. So, for my money, it is best to get people to create accounts even if your resources are completely open-access.

best

Andrew.

-----Original Message-----
From: cwb-bounces at sslmit.unibo.it [mailto:cwb-bounces at sslmit.unibo.it] On Behalf Of Tomaž Erjavec
Sent: 17 October 2014 09:53
To: cwb at sslmit.unibo.it
Subject: Re: [CWB] Public Access to CWB

Hi,
we have our concordancer open, and I think that should be the default, except if you have some really sensitive corpora.
However, it is a good idea to have a robots.txt telling crawlers not to index the concordancer; in Slovenia we already had a problem where somebody complained to our Information Commissioner,  because the first hit on Google on her name returned concordances where she was mentioned in an old newspaper article in some unsavoury context.
Also, our concordancer once crashed because a search engine sent so many queries that the cache filled up the sys disk.
So, my advice would be .htaccess no, robots yes.
Best,
Tomaž

Dne 17.10.2014 ob 10:15 je Stephen Barrett zapisal(a):
> Dear All,
>
> We're about to launch a website which makes use of the excellent CWB. One rather basic question: if we remove htaccess in order for full public access I assume that leaves the site open to abuse. Is there a recommended strategy for public access that keeps the admin side secure?
>
> Many thanks (and many thanks for such an excellent product!)
>
> Regards
>
> Stephen Barrett
> s
> _______________________________________________
> CWB mailing list
> CWB at sslmit.unibo.it
> http://devel.sslmit.unibo.it/mailman/listinfo/cwb

_______________________________________________
CWB mailing list
CWB at sslmit.unibo.it
http://devel.sslmit.unibo.it/mailman/listinfo/cwb


More information about the CWB mailing list