Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 213 of 801  Not logged in ELOG logo
ID Date Icon Author Author Email Categorydown OS ELOG Version Subject
  65871   Tue May 6 21:40:05 2008 Question Bill Pierbpier@clove.orgQuestionLinux2.7.3-2058any support of encrypted logfiles?

I'm sure this topic has been visited previously, but a search of this forum didn't show any results.

Is there are support or already proven method of encrypting the logfiles that Elog serves up?

 

thanks,

Bill

 

  65872   Tue May 6 21:47:32 2008 Reply Stefan Rittstefan.ritt@psi.chQuestionLinux2.7.3-2058Re: any support of encrypted logfiles?

Bill Pier wrote:

I'm sure this topic has been visited previously, but a search of this forum didn't show any results.

Is there are support or already proven method of encrypting the logfiles that Elog serves up? 

There is no native support for encryption inside ELOG, but you can use some external tool to achieve encryption. You can for example use TrueCrypt to mount a virtual encrypted drive, where you store your log files.

  65873   Wed May 7 17:10:07 2008 Question Dennis Seitzdseitz@berkeley.eduQuestionAlllatest$entry time not readable by Subst, else not datetime type?
I posted this on the end of an earlier thread but I thought it might be better to repost as a separate thread:


Thank you for pointing out the method to identify an attribute as a datetime type so that it will sort properly. I now have created my "Last Edit" attribute in several
preexisting logbooks.

I want to use
Start page = ?rsort=Last Edit
to set the default sorting of each logbook to be by Last Edit.

However, all of the entries made before I added Last Edit have no value for that field, so they are all grouped together at the end of the sort. So I
decided to go through the older entries and set Last Edit equal to the original entry date, as a starting value.

I tried to use the command
Subst on edit Last Edit = $entry time
but it gives a "-" for the Last Edit value when I edit an entry.

I think this is because $entry time is not a variable supported by Subst. Can you add that support, or else tell me if you know a better way to go about
doing what I'm attempting? Is there perhaps a way to globally process a group of entries in a logbook and set one attribute's value to be equal to
another's? To reiterate, I want to initialize Last Edit = $entrytime for all entries that have not been re-edited.

Thanks
  65878   Mon May 12 10:16:21 2008 Idea Grant Jeffcotegrant@jeffcote.orgQuestion 2.7.3-1024Access Control
Hi Stefan,

We have a configuration where different sites have their own logbooks all under the same server, these are accessed by relevant parties as you might expect by selecting the appropriate tab at the top of the page.
Everyone has visibility of everyone elses logbook as a guest but we have purposely limited the 'Guest' users view (hiding the text portion etc) for various reasons.

We would now like to allow certain parties to view certain logbooks in their entirety but with a 'Read Only' view, I see this can be done but only using a common password. (Read password = <encoded password>)

At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access. Also if they click on the tab for a logbook that they are not a 'User' for they are logged out of their existing logbook forcing them to have to log back on. If they are designated in a 'Read Only' viewers list for that logbook then their existing password would presumably be read from the global password file and they wouldn't be logged out?

I would like to be able to implement a 'Read' access view for some parties but not have a common password (use the password file?) and not force the other party to re-logon to view the other logbook.

Something like the ability to add a "Read user = <user list>" in each logbook as can be done with 'Login User' and 'Admin User' at present would be great.

Could you let me know if this is feasible please?

Many thanks in advance.
  65879   Tue May 13 16:58:40 2008 Reply Yoshio ImaiQuestion 2.7.3-1024Re: Access Control

Grant Jeffcote wrote:
At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access.


I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5

Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5

This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).

Perhaps you can give it a try.
  65880   Tue May 13 21:56:30 2008 Reply Grant Jeffcotegrant@jeffcote.orgQuestion 2.7.3-1024Re: Access Control

Yoshio Imai wrote:

Grant Jeffcote wrote:
At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access.


I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5

Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5

This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).

Perhaps you can give it a try.


What a great solution, thanks Yoshio, it works a treat.
  65881   Thu May 15 01:06:21 2008 Reply Dennis Seitzdseitz@cosmology.berkeley.eduQuestionAlllatestRe: Re: $entry time not readable by Subst, else not datetime type?

Dennis Seitz wrote:
I posted this on the end of an earlier thread but I thought it might be better to repost as a separate thread:


Thank you for pointing out the method to identify an attribute as a datetime type so that it will sort properly. I now have created my "Last Edit" attribute in several
preexisting logbooks.

I want to use
Start page = ?rsort=Last Edit
to set the default sorting of each logbook to be by Last Edit.

However, all of the entries made before I added Last Edit have no value for that field, so they are all grouped together at the end of the sort. So I
decided to go through the older entries and set Last Edit equal to the original entry date, as a starting value.

I tried to use the command
Subst on edit Last Edit = $entry time
but it gives a "-" for the Last Edit value when I edit an entry.

I think this is because $entry time is not a variable supported by Subst. Can you add that support, or else tell me if you know a better way to go about
doing what I'm attempting? Is there perhaps a way to globally process a group of entries in a logbook and set one attribute's value to be equal to
another's? To reiterate, I want to initialize Last Edit = $entrytime for all entries that have not been re-edited.

Thanks


OK, now I realize how stupid I sound here. To partially answer my own question: $entry time is a string and Last Edit is now a number since I have changed it to the datetime type so that it will sort properly.

So I can't make Last Edit = $entry time. Is there some way I can access the entry time in datetime format so that I can set Last Edit equal to that?

Sorry if I'm missing something obvious, I'm confused...
  65882   Thu May 15 17:45:44 2008 Reply Grant Jeffcotegrant@jeffcote.orgQuestion 2.7.3-1024Re: Access Control

Grant Jeffcote wrote:

Yoshio Imai wrote:

Grant Jeffcote wrote:
At present we can give others a full view by adding them to the 'Users' list for each individual logbook, this unfortunately also gives them 'write' access.


I think the solution to your problem would be to use Deny statements in the configuration sections for the logbooks.
Assume user1, user2 and user3 are in the "owners'" group of logbook1, and user4 and user5 only have "privileged read" access. Then a configuration as follows might help:
Login user = user1, user2, user3, user4, user5

Deny New = user4, user5
Deny Reply = user4, user5
Deny Duplicate = user4, user5
Deny Edit = user4, user5
Deny Delete = user4, user5
Deny Select = user4, user5
Deny CSV Import = user4, user5

This should give them the same read permissions as the logbook owners but should deny any writing operations. I recognize that this is a little bit of admin work if the lists of such "privileged readers" gets long, but each user would have his/her individual password (even the same as for access to his/her "own" logbook).

Perhaps you can give it a try.


What a great solution, thanks Yoshio, it works a treat.


Is there any way to give a logged in user a 'Guest' view on certain logbooks?
Unfortunately at the moment if they are not in the 'login users = ' group they are automatically logged out and have to re-log back into their own logbook.
ELOG V3.1.5-3fb85fa6