MTAS and other NHS websites
Mary Hawking
ukcrypto at chiark.greenend.org.uk
Mon, 7 May 2007 08:38:13 +0100
>>Are there any *fool-proof* (fools exist everywhere ;-) to prevent
>>incompetent or malicious uploading to the wrong place?
>
>There are some fairly simple brute-force ways (from the sticking
>plaster book of web hosting):
>
>(1) Only allow [fsvo] trusted people write-permission to those folders
>at all.
>
>(2) Have a separate process constantly running which knows which files
>have been "passed" as suitable for uploading (with only [fsvo] trusted
>people allowed to edit that list), and remove any files not on that
>list into quarantine on a regular basis (eg once every 10 seconds).

This appears to be a website containing information about processes. Is
it safe to assume that one would *expect* procedures to be in place to
approve documents before they were allowed to be uploaded?

>The maverick uploaders will eventually give up.

Are you assuming malice rather than accident?
If so, this is a different - and very disturbing - scenario.
>
>And at a different level:
>
>(3) Turn off the web browser's facility where it lists the filenames in
>the absence of an index.html file in that folder - or maybe have an
>index.html that requires a [fsvo] trusted person to edit it when new
>and approved files are uploaded.
>
>Of course, this also begs the question of who writes the procedures,
>who is "trusted", and what "approved" means.

Part of the business plan for that website?
Mary Hawking
>--
>Roland Perry
--
Mary Hawking
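
Measure (2) from the quoted message, sketched as an added example (not code from either poster): one sweep pass that moves anything not on the approved list into quarantine. The manifest format, the paths and the SHA-256 matching are assumptions; matching on content hash goes beyond the name list described, so a file replaced under an approved name is caught as well.

```python
import hashlib, shutil, tempfile, time
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def load_approved(manifest):
    """Assumed manifest format: '<sha256>  <relative/path>' per line, '#' for comments."""
    approved = {}
    for line in Path(manifest).read_text().splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            approved[name.strip()] = digest.lower()
    return approved

def sweep(webroot, quarantine, approved):
    """One pass: move anything not approved, or changed since approval, out of webroot."""
    webroot, quarantine = Path(webroot), Path(quarantine)  # quarantine must be outside webroot
    moved = []
    for path in sorted(webroot.rglob("*")):
        if path.is_dir() and not path.is_symlink():
            continue
        rel = path.relative_to(webroot).as_posix()
        # Symlinks and special files are never approved; regular files must match by hash.
        ok = (rel in approved and path.is_file() and not path.is_symlink()
              and sha256_of(path) == approved[rel])
        if not ok:
            quarantine.mkdir(parents=True, exist_ok=True)
            dest = quarantine / f"{time.time_ns()}_{rel.replace('/', '_')}"
            shutil.move(str(path), str(dest))
            moved.append(rel)
    return moved

def demo():
    """Constructed sample tree: one approved file, one edited after approval, one stray."""
    with tempfile.TemporaryDirectory() as tmp:
        web, quar, manifest = Path(tmp, "htdocs"), Path(tmp, "quarantine"), Path(tmp, "approved.txt")
        (web / "docs").mkdir(parents=True)
        (web / "index.html").write_text("<h1>approved</h1>")
        (web / "docs" / "guide.html").write_text("approved text")
        names = ("index.html", "docs/guide.html")
        manifest.write_text("".join(f"{sha256_of(web / n)}  {n}\n" for n in names))
        (web / "docs" / "guide.html").write_text("edited after approval")
        (web / "unreviewed.doc").write_text("uploaded to the wrong place")
        moved = sweep(web, quar, load_approved(manifest))
        left = sorted(p.relative_to(web).as_posix() for p in web.rglob("*") if p.is_file())
        return moved, left, len(list(quar.iterdir()))

if __name__ == "__main__":
    print(demo())  # a real deployment would call sweep() from a timer or loop
```

Unapproved files remain served until the next pass runs, and the manifest needs the same restricted write access as the list in (2).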