PubCrawler Web-Service - Help with Access Issues
All user specific information (including PubCrawler results) on our server are protected by a password that you chose at the registration process.
To access your results or to change your settings you are normally asked for your user name and your password first.
The browser can carry out authentication for you with the help of cookies. These are little data packages stored on your computer which contain your user name and an encrypted version of your password. Cookies will only be set if the according option is activated in your WWW-PubCrawler settings. But once they are set they are being used prior to manual authentication.
Access Problems and Security Issues
Several problems can arise from the usage of cookies:
- Anybody using the same browser on the same computer could gain access to the data of the user who enabled authentication through cookies. This is particularly true for single user systems like Macintosh or Windows.
- If more than one user on the same computer enables authentication through cookies, previous set cookies will be overwritten. Other users will gain access to that last persons data instead of their own.
- A change of password requires the modification of password files on our server. These changes might need up to 24 hours to come into effect. Until then authentication through cookies is not guaranteed to work properly and the old password might still be necessary.
- Cookie authentication grants access to user information but before any modifications can be saved the manual submission of the correct password is always required. This prevents unauthorized people from changing or deleting your data.
- In case cookie authentication does not work properly (because the password or the cookie has changed) the user is normally prompted for the password.
- Accessing queries and settings from the PubCrawler WWW-Service page at http://pubcrawler.gen.tcd.ie/www.html requires entering of user name and password and bypasses cookie authentication entirely.
- Tip: Don't enable cookie authentication if you are sharing the computer with other people, unless you are working on a true multi-user system like UNIX or Linux.
User AAA and user BBB are both accessing PubCrawler's WWW-Service from a Macintosh/Windows computer that they share. AAA has enabled cookie authentication, BBB does not.
One day AAA checks her results on the web. She uses the 'easy-check' link (http://pubcrawler.gen.tcd.ie/cgi-bin/pubcrawler.results) because she has enabled cookies and will be promptly served with her results page. After checking it she decides to change some queries. She clicks on the button labeled 'Modify Queries' and will be transfered straight to the PubCrawler Configurator where she can work on her previously defined queries. That's how it should work - fine.
Now BBB comes along and checks his results as well, using the same browser on the same computer. Since he didn't enable cookie authentication he accesses his results directly at http://pubcrawler.gen.tcd.ie/db/BBB. First he is prompted for his user name and password and then gets the results. After going through them he decides as well to change some of the queries. He clicks on the button 'Modify Queries' and - guess what - is presented with AAA's queries loaded into the PubCrawler Configurator page - duh! That's not what he wanted.
To avoid that BBB has to go to the PubCrawler WWW-Service page at http://pubcrawler.gen.tcd.ie/www.html, enters user name and password, clicks on 'Modify Queries and Options', and then is presented with his own queries. Hurray!
BBB later on informs AAA about what happened. AAA in the following decides to disable her cookies. From her results page she clicks on 'Modify Settings' and changes the 'easy-check' option. This will come into effect the next time the browser is closed down and restarted.
[Home] [PubCrawler WWW-Service]
Last modified at $Date: 1999/10/22 18:05:29 $