W3C PICS

Amaya/PICS


Download the source code

User Documentation
Technical Details
Credits

This version of Amaya was developed and tested under RedHat Linux 4.2. It may work under other Unix systems that support Amaya/Java. It does not currently work under Windows.

This document contains information only about the PICS features of Amaya. Full documentation about how to install and use Amaya can be found on its Home Page


User Documentation

Amaya/PICS is a modification of the Amaya web browser to support PICS based filters using the new PICSRules profile language.

This implementation of PICS currently only supports labels embedded in the header of HTML files. A future version will support label bureaus.

When a user visits a page with valid labels, the active profile (if any) is evaluated against those labels and the page is either blocked or displayed.

The filter is incorporated directly into Amaya's HTTP stack. Each page is filtered as it is returned from an HTTP GET request. The filter processes the page after is has been received but before it is displayed. When the filter blocks a page, it displays an error page to the user instead, indicating that the requested page did not pass the current filter.

The interface provides some measure of security to prevent users from tampering with their profile without permission. Each user has a password attached to their profile. The system's root password is required to set a Amaya profile password for a user. Once in place, the user's Amaya password is required to change the profile or to deactivate filtering. In this manner, users who possess their own password are able to configure their filters, but users who are not given their password are unable to change their profile configuration. Profile installation consists of clicking on a link to a profile in the browser window.

The profile is secured to prevent tampering. Since some information about the filter is stored in Amaya when the user quits the program, this information had to be protected. Cryptographic fingerprints of this information is stored in the user's .thotrc file. An MD5 hash of the user's profile appears, as well as a hash of their password. Modifications of the user's profile can be detected by comparing the profile to its hash. Amaya expects to find both of these hashes in the user's .thotrc file, and uses the default profile if it cannot find them, assuming that the user may have deleted them in an attempt to bypass the security measures.

If any of the filter state in the profile or the .thotrc file has been modified or deleted (or if this is a new copy of Amaya and the profile has not been configured yet), the system defaults to a system-wide profile installed by root. The user will still be able to browse the Web, but with the default profile active instead. Amaya will continue using this default profile until the offending modification is repaired by someone with the root password.

On the button bar, there is now a root mode button which prompts the user for the system's root password. If the password is entered correctly, the browser will enter root mode. While in root mode, all filtering is disabled and the user is free to install new profiles. The password used to install the profile will then become that user's new Amaya password. Thus, root can change a user's Amaya password by putting the user's browser into root mode, installing a profile, and giving the new password at the prompt. A user mode button takes the browser back to normal operation.

The default profile must be set up manually by root and placed at /.default.rlz If root is logged in and running Amaya, this profile may be changed within Amaya by installing a profile and giving it the user name of everyone". Note that this only works if the user is logged in as root and running Amaya. Simply entering root mode in Amaya while running it under a user's account will not work.

Technical Details

Technical details have their own page.


Credits

David Shapiro -- MIT/W3C
dshapiro@w3.org

Seth Webster -- MIT

swebster@mit.edu

This project would have not been possible were it not for the previous work of Amaya's Authors


dshapiro@w3.org
17 December 97