[opensource] Persistent ResNET Login

friedly.1 at osu.edu friedly.1 at osu.edu
Fri May 13 13:19:35 EDT 2011


I see that the target URL could be a pretty big problem, but could we make  
Apache handle one specific URL request with automatic 404s (as someone  
suggested earlier) and avoid the Drupal overhead.. Or we could set up a very  
small webserver running on Node.js (fast) to just automatically hand out 404s  
for us. The Ruby club has been experimenting with node recently and I'm  
almost certain we could serve 404s with sufficient speed. The page doesn't  
really need to have anything other than the right http response code.

As far as getting a list of allowed certificates, it would add quite a bit of  
complexity, but you could maybe pull it from the user's browser; the list has  
to be in there some where. Or I could maybe just package my current list of  
allowed CA's from Firefox with the script and have it check that. It wouldn't  
stay up to date, but hopefully that wouldn't cause too much trouble; it might  
even be safer given the ease with which a malicious individual can become a  
CA nowadays.

As far as having it on pastebin goes, the idea was to make it anonymous so  
nobody would get in trouble. But then I went and posted to the mailing list  
as myself (doh!) so now it doesn't really do much. At this point I think the  
"We'll take it down right away boss" is a better strategy than pointing all  
our requests at ResNET. The original script by Andrew is at
https://github.com/krieger63/OSU-ResNet-Login
and my slightly modified version is at
https://github.com/jfriedly/OSU-ResNet-Login .
I'll have an updated version pushed later today.



More information about the Opensource mailing list