Paper Submission Revisited File and Web Servers Scripts

Paper Submission, Revisited - File and Web Servers, Scripts, Security Issues Company Jan Chrin, PSI Meeting LOGO Team 13 -18 November 2005, INFN, Frascati

Outline 1. The LOC Perspective 2. The Author Perspective 3. Security Issues

The LOC Perspective Ready Steady Submit! SPMS File Server CGI Script Oracle DBMS Paper Metadata Web Server Paper Store Paper Upload To File Server

Conference SPMS Conference LOC responsible for - Installing - Configuring - Managing conference SPMS instance SPMS Download: http: //www-esh. fnal. gov/spms/ SPMS - JACo. W SPMS User Account required (Author Profile) - manage all contributions to the conference - user interface for paper submission (over http) - stores relevant metadata pertaining to the contribution Papers themselves however are NOT stored within the SPMS

File Server The File Server / Web Server is The Paper Submission Server The File Server is where all files (source, postscript, supporting files e. g. eps, gif, bmp and presentations) submitted by the author (over http) for paper processing are stored Access to the File Server (by Authors and Editors) is thru a Web Server SPMS web interface is the only allowed route for paper submission to file server. No ftp! No memory stick! No CD!

File / Web Server Location @ EPAC’ 02 (Paris): LOC set-up and ran its own Web Server for paper submission. This same Web Server also hosted the Conference web pages Web Server acted as File Server for storage of contributed papers Physically located at LAL, Orsay (for conference pre-processing) and moved to conference site in Paris for conference processing i. e. Web Server integrated into the Proceedings Office Paper metadata routed to Oracle database (preceded SPMS) at CERN. Advantage: Papers physically in close proximity to Editors Disadvantage: Installation, management, security of Web Server is in the domain of the LOC; Web Server is carted around leading to a submission dead-time; Networking; New IP address to DNS lookup table

File / Web Server Location @ EPAC’ 04 Conference Website (http: //www. epac 04. ch) hosted at PSI (Central PSI Web Server – Linux/Apache) acted as Web / File Server for paper submission Advantages: Web Server in the experienced hands of IT group; PSI Web Server already configured for easy integration of new projects; Data regularly backed-up; Apache Security issues dealt by experts. EPAC’ 04: Paper metadata submitted to SPMS instance hosted at CERN

AFS File Server PSI Web Server Central AFS file servers provided the storage for the EPAC 04 “project” Web pages: afspsi. chprojectepac 04www Conference papers: afspsi. chprojectepac 04papers An AFS EPAC’ 04 project-group created, members of which would get read/write/modify privileges in the epac 04 directory. Ideal for distributed project members from PSI, ETH-Zurich and CERN. Better security since access control is based on a kerberos server with strong authentication (klog, tokens, access control lists etc…) Only project members have access to the data.

What Web Servers Where? Two Physical Web Servers SPMS Oracle AS File Server Conference Web Server EPAC: File Server should be local to Web Server executing Scripts

Disk Space Requirements EPAC’ 02 ~900 contributed papers required 6 GBytes Total document data sizes listed do not include back-up data EPAC’ 04 ~900 contributed papers (+supporting files, re-submissions, talks, etc. ) required 8. 3 GBytes i. e. <contributed paper> ~ 9 MByte (includes all uploaded files) PAC’ 05 ~1400 contributed papers ~8 GBytes i. e. <contributed paper> ~ 6 MByte (includes all uploaded files)

Disk Space Usage EPAC’ 04 MByte DOC TEX EPS PS PDF OTHER PPT TOT MON 275 315 918 197 147 441 2293 TUE 463 184 937 263 110 WED 306 204 785 197 88 216 1796 THU 391 175 1031 283 73 174 2127 FRI 15 TOT 1450 %TOT 0 1 62 2019 8 13 60 97 878 3679 953 419 853 8332 18% 11% 44% 12% 5% 10%

File Upload Script $File. Server/papers/WEXLH 01/ Author: Ivan Andrian $File. Server/cgi-bin/upload. pl Source WEXLH 01. TEX WEXLH 01. DOC Supporting Files e. g. Figures Post. Script WEXLH 01 F 1. EPS WEXLH 01. PS PDF WEXLH 01. PDF Talks WEXLH 01. PPT

At The Conference Site Paper submission deadline ~ 4 days before conference start. But authors can continue to upload papers (revised or first submission) during the week of the conference via the internet café. Software to enable authors to edit their papers at the internet café may be desirable but not required. Editors are continually downloading papers from the File Server for editing and uploading final PDF files for publications (and any modified source/PS files) It is the busiest of weeks for the Web/File Servers in terms of load! Network infrastructure at conference site MUST comfortably allow for the required bandwidth and be 100% reliable. Expert networking personnel and support required!

Bandwidth at EPAC’ 04 download upload Pre-Conference: 0. 5 Mbit/s Conference Week: 1. 0 Mbit/s Pre-conference Conference Peak Usage: 4. 0 Mbit/s corresponds to presentation video uploads upload of presentation videos

The Author Perspective JACo. W SPMS User Account JACo. W Author Profile Repository Central JACo. W repository of individual profiles and affiliations Authors MUST previously have created a JACo. W SPMS User Account in order to “LOGIN” to the Conference SPMS instance (via a web interface) and submit their paper http: //oraweb. cern. ch: 9000/pls/jacow/profile. new_account

Author Submission Cycle SPMS Login Upload Files Start here (using JACo. W template!) Paper Submission Cyclotron Prepare Files SPMS Logout Discover Mistake! Further uploads prohibited once paper is processed by Editor

File Upload Web Interface www. epac 04. ch/cgi-bin/upload. pl Files uploaded are displayed

File Download Papers categorized according to file type Only the most recent files are shown (for a given filename)

File Download Most legitimate file extensions are recognized… … and all are caught! Bibliography database

Security Issues Web Servers + CGI Scripts immediately raise questions concerning protection from accidental access or misuse from legitimate users (even with the best of intentions) or even malevolent intruders! IT Web Server administrator: security conscience! Any CGI script provided by a developer can make the server vulnerable to attack! Developer must ensure that scripts do not pose a security risk. Verify visitor’s input is correct and never pass unchecked remote user input to a shell command e. g. in Perl: system(), exec(), eval(), piped open() functions

Security Issues The Treasure: the files on the File Server Be sure to know who exactly has write access to the File Server SPMS Login already prevents other users from accessing or accidentally deleting other people’s files. Author allowed to upload n times. Impose n(max)? Can impose max file size in upload script

Paper Submission Framework Present framework (SMPS + File Server + Upload/Download scripts) in place since EPAC’ 04 All components of the framework (distributed system) need to be functional for paper submission to be effective Since used by all subsequent JACo. W Conferences www: Works Wonderfully Well!