[greenstone-devel] greenstone security

From Stephen.DeGabrielle@ntu.edu.au
DateMon, 18 Aug 2003 10:38:01 +0930
Subject [greenstone-devel] greenstone security
I know it might be a bit extreme, but secure access to a greenstone server
could be done with ssh tunneling. (I was looking at tunneling vnc with ssh
so I could use the GLI and build with -create_images remotely in a secure
way. See http://www.uk.research.att.com/vnc/sshvnc.html for VNC example)

I thought I'd mention it here as searching the mailing list is how I try to
answer my own questions most of the time, and it has not previously been
mentioned. Any thoughts?

Stephen

--

>From Stefan Boddie
Date Thu, 10 Jul 2003 11:19:01 -0600
Subject Re: [greenstone-users] Passwords on a library?
Jim Trott wrote:
> Is it possible to require a password to a Greenstone digital library
> before someone can even read documents in the library? Or must I
> password protect each individual document?
>
> Has anyone had experience with encrypting / protecting content in a
> library?
>
Greenstone's password protection stuff can't currently be configured to
protect a specific collection or document. With a fairly minor change to
the code you could make it work though. See the following links for
details:

http://www.nzdl.org/cgi-bin/library?a=d&c=gsarch&d=HASHbebd6f6a0af4389bdf35aes2

http://www.nzdl.org/cgi-bin/library?a=d&c=gsarch&d=HASHbebd6f6a0af4389bdf35aes3


Please note though that greenstone's authentication system provides only
a low level of security. In some cases you may even get your password
being passed around in a URL. For more serious security you're probably
better trying to configure your webserver to do the authentication.

regards,
Stefan.

> */Jim Trott
> /*Knowledge Management Director
> Millennium Relief and Development Services
> email: jtrott@mrds.org <mailto:jtrott@mrds.org>
> web: www.mrds.org <http://www.mrds.org/>
>
>