Thursday, November 19, 2009

permissions with rsync

Quoting from the rsync man page: to give destination files (both old and new) the source permissions, use --perms. To give new files the destination-default permissions (while leaving existing files unchanged), make sure that the --perms option is off and use --chmod=ugo=rwX.

 rsync -av --no-p --chmod=ugo=rwX -e "ssh -i /path/to/key" src dest 

Tricky Back Button

I'm working on a web portal that uses CAS authentication, and would like to prevent someone from using the browser back button to see secure/private contents of a logged-out user. It basically requires disabling the browser cache for dynamically generated pages. Obviously it's nothing new, and there have got to be tons of perfect solutions out there. However, after spending days poking around online, the following tricks satisfied me, a lazy amateur web developer:

  • JavaScript onUnload event: either use
     <body onunload="">
    at the beginning of the HTML page, or
     <script> window.onbeforeunload = function () {} </script>
    before the end of HTML body tag.

  • The above worked with Safari and IE, but not Firefox 3.5. The next trick is to use HTTP Cache-Control attributes in a response header. Django code example:

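    # `response` is the HttpResponse object the view is about to return
    response['Pragma'] = 'no-cache'  # honoured by HTTP/1.0 caches
    response['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
    response['Expires'] = 0  # not a valid date, so treated as already expired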

  • I have a form using the POST method in the page. After logging out, the browser back button would resubmit the form information to the expired user session, and cause the browser to display an unexpected connection drop error. Redirecting the page using
    right after the form submission solved the issue.
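
The Cache-Control bullet above, applied to every dynamic response instead of one view at a time: this is an added example, not code from the original post, written as a framework-neutral WSGI middleware using only the Python standard library, so it goes beyond the Django snippet. The names NoStoreMiddleware, fetch_headers and demo_app, and the /static/ exemption, are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

NO_STORE_HEADERS = [
    ("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate"),
    ("Pragma", "no-cache"),  # for HTTP/1.0 caches
    ("Expires", "0"),        # not a valid date, so treated as already expired
]
_CACHE_NAMES = {name.lower() for name, _ in NO_STORE_HEADERS}


class NoStoreMiddleware:
    """Wrap a WSGI app so dynamic pages are never written to a cache."""

    def __init__(self, app, static_prefixes=("/static/",)):
        self.app = app
        # Assumption: static assets hold nothing private and may stay cacheable.
        self.static_prefixes = tuple(static_prefixes)

    def __call__(self, environ, start_response):
        if environ.get("PATH_INFO", "").startswith(self.static_prefixes):
            return self.app(environ, start_response)

        def patched_start(status, headers, exc_info=None):
            # Drop caching headers set by the app so each appears exactly once.
            kept = [(k, v) for k, v in headers if k.lower() not in _CACHE_NAMES]
            return start_response(status, kept + NO_STORE_HEADERS, exc_info)

        return self.app(environ, patched_start)


def fetch_headers(app, path):
    """Issue a GET for `path` against a WSGI app; return headers as a dict."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    list(app(environ, start_response))  # consume the body
    return captured


def demo_app(environ, start_response):
    # Constructed sample app that wrongly marks every page as cacheable.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b"<p>private account page</p>"]
```

Calling `fetch_headers(NoStoreMiddleware(demo_app), "/account/")` shows the app's permissive `Cache-Control` replaced by the no-store set, while a `/static/` path passes through unchanged.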