[gopher] A Gopher noob and endless questions. ;-)

Wed Apr 7 15:16:46 UTC 2010

On Apr 7, 2010, at 9:59 AM 4/7/10, Cameron Kaiser wrote:

> Mike,
>
>> Hey all!  I've been fooling around with pygopherd after being
>> introduced to Gopherspace a while back by a friend of mine.  ( My
>> current server - gopher://www.terminalcore.net - NetBSD 3.0 Sparc64,
>> Netra T105)
>>
>> It's interesting stuff and in a lot of ways eminently better than FTP
>> or certain other serving methods.  I like it also because it doesn't
>> take up a lot of horsepower.
>
> Nice. I'll add your site to the new gophers list, and V-2 will seed  
> off
> of that. What would you like the display string to be?

The Terminal Core is good.  (That's a FLCL reference for any anime  
fans out there.)

>> One thing I noticed is that there doesn't seem to be an easy way to
>> make a front-end authentication page if you wanted part of your  
>> Gopher
>> server to be secure.  (At least I didn't see a way.)
>
> Unfortunately no, unless you wrote some custom server that required
> signed credentials on each access. This would of course probably  
> demand
> a custom client.

As I suspected.  I could do it using IP blocking at the firewall or  
port knocking or something equally nutty but those have serious issues.

>> Can this be done with +ASK?  Does anybody have an example of using
>> +ASK that doesn't make my head hurt?
>
> +ASK could handle the form, but the server would still have to enforce
> the security. I suppose you could have a mole as a front end, but I  
> would
> have to think about the potential gaps in that. Or, you could use  
> itemtype
> 7, though this is a little more opaque.

So let me ask you this then - does the +ASK form have the ability to  
populate a text file?  If so then I just thought of something.

You could have a daemon running in the background that checks the text  
file for name:passwd then fires up a server session on a particular  
port.  The gophermap behind the ask form would have custom links for  
each user.  The links would only then be active if someone has logged  
in via the +ASK form.  Put a logoff +ASK form in the user gopherspace  
and give the daemon a timeout ability to kill the special server  
session and the user gopherspace would then only be available when  
someone was properly logged in.

It's a kludge and it doesn't provide password security but it would  
work in theory.  (Provided I don't have the capabilities of +
ASK wrong in my head - I'm still very fuzzy on a lot of Gopher stuff.)

Also you'd have to define a range of ports in the firewall as  
dedicated Gopher ports.

> And, of course, Gopher over TLS or
> SSL has been proposed but not ever, to my knowledge, implemented.

I'm not really looking for secure Gopher but TLS/SSL would indeed rock.

--
Mike

"All we wanna do is eat your brains! We're not unreasonable, I mean no  
one's gonna eat your eyes." - Re: Brains, Jonathan Coultan