>From: "Guillory, Anthony" <address@hidden> >Organization: NASA/MSFC >Keywords: 200001311730.KAA02738 McIDAS ADDE accounting Anthony, >I'm going to show my limited knowledge of the interworking of Unix/McIDAS >here. But from what I remember we opted not to run the McIDAS accounting >s/w because of security concerns and that's why we opted for the approach >that we did (Unix Services deny/allow files - ok, I don't know the >"official" names but you know what I mean). I talked to my system administrator, and he said that the log messages you sent along are from TCP wrappers. >But you do have a point about >the reverse name lookup. The reason I mentioned this was that it is an important issue in our LDM system also. >I've seen that problem appear before but for other >services - namely telnet and ftp. Will check that one!!!! I'll ask my sysadmin about this. He will probably be able to answer this off of the top of his head. >And to mention >another thing Tom brought out - once you have access to our server you have >access to everything within ADDE there are no limitations other than >read-only. Right. This is the problem I have with both use of TCP wrappers and the SSEC ADDE McIDAS accounting system. I think that the end user should have very fine scale control over data set access. >But I do understand Unidata concern about NLDN data, etc. we >have similar datasets that are not accessible. It seems like every site that I talk to says the exact same thing. There is a general desire to allow just about everyone to get access to most datasets, but there is also a great need to have the ability to deny access to certain datasets on a case-by-case (even user-by-user) basis. >Tom, I agree we (MSFC and Unidata) should talk about data (we have processor >and disk limitations to consider on our end). I understand completely. >Unfortunately, I'll have to >take a look at things a little later in the week. Stay on my case! Will do. You have so much to offer our community that I will have to maintain our dialogue. >I have >to get a talk ready for a Rotary Club talk tomorrow, so I'm kinda rushed at >the moment. Talk to you later... Tom
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.