[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Those messages about "AUDITORY list edit URL"

Dear List -

Last night, every one of you was sent an email message giving you the
passcode-protected URL through which you can edit your AUDITORY list
information.  Although the URL and the web page are legitimate and
work correctly, the message informing you of the URL was sent in
error.  My apologies for the confusion this has caused.

What happened was this:  As many of you know, I have been quietly
implementing a more automated web-based system for maintaining the
list.  In order to make it fully automatic, I needed a way to let
individual list members find out the passcode-secured URL to edit
their own entries.  Anyone who knows the main list index URL (
http://www.auditory.org/ audindex.html ) can view the information
record for any of the list members who are listed there. (That was the
point of gathering this information in the first place, so that other
members of our community could refer to it.)  Of course a casual
reader cannot change the information, but there is a link on the record-view
page that, if clicked, results in an email message being sent to the
registered email address for that user giving them the URL including
the passcode that they should acccess to change their record.  Thus, a
list member can go to the index, view their record, then, if they want
to change something but don't have a record of their passcode, they
can click the link and it will be sent to them.  Anyone else could
click that link too, but it would only send a message to the
registered user.

Last night, audindex.html was found by a web-crawler robot, which I
suppose was bound to happen sooner or later.  Every single member page
was retrieved, and every single "mailback the URL" link was hit.
Since the system is still being debugged, I cc: all the automatic
messages to myself, so I had over 1000 messages in my inbox this

The good news is that the system appears to have handled the
exceptional load without any major problems.  Also, now that this
problem has been identified, I have updated the site's "robots.txt"
file to make sure that co-operative webcrawler robots know not to do
this again.  So I hope we won't see a repetition.

Apologies again for the confusion.  I welcome comments on this setup
or situation.


-- DAn Ellis <dpwe@ee.columbia.edu> http://www.ee.columbia.edu/~dpwe/
   Dept. of Elec. Eng., Columbia Univ., New York NY 10027 (212) 854-8928