Time  Nick     Message
16:41 owen     So Koha has a system preference for date format, right?  Does anyone know of an example in the code where that date format is applied?
16:54 owen     Oh, I see.  Right in front of me.
19:59 kados    chris around?
19:59 kados    I've got a quick apache security question
20:00 kados    I'm wondering whether it's any less safe to setup Koha on only port 80 and use the virtual host ServerName directive to distinguish between opac and intranet (opac.athen.. and intranet.athen...)
20:01 kados    so use <VirtualHost *:80>
20:01 kados    for both
20:01 ambrose  i don't think it's any less safe, fwiw
20:01 kados    cool, thanks
20:02 chris    nope no less safe really
20:02 kados    do you know what the reason for putting intranet on 8080 was originally?
20:02 chris    lots of ppl dont run their own dns
20:02 chris    originally it wasnt on 8080
20:03 chris    that came in round 1.2.0
20:03 kados    oh :-)
20:03 chris    because people often only had somehting.something.something
20:03 chris    and couldnt make the koha.something and opac.something etc
20:04 kados    ahh ... makes sense
20:04 kados    thanks chris
20:04 chris    at hlt koha.something resolves to an ipnumber that is only available internally
20:04 kados    yea that's what I'm thinking of doing
20:04 chris    cool
20:04 kados    too bad our network is a bit fragmented these days
20:05 kados    we used to have strictly internal ip ranges that all branches could access
20:05 kados    but now we've got several branches using dsl and cable modem and they only have one IP ...
20:05 kados    I suppose i could setup virtual tunneling
20:06 kados    but not on our routers as they stand ...
20:06 kados    Stephen liked the idea of using fanless OpenBSD boxes so that may happen here soon
20:06 chris    sweet :)
20:07 kados    for now I'm trying to figure out a way to get our next Koha 2.2 machine securely configured without those nifty BSD guys
20:08 kados    We have to use a public IP since several of our branches have to cross the internet cloud to get to our main branch
20:08 kados    any suggestions?
20:08 chris    ipsec tunnels?
20:08 kados    hmmm ...
20:09 chris    ie build a little vpn
20:09 chris    and have the librarian interface available on that
20:09 kados    yea ... but we can't do that with our current routers
20:09 chris    ahh right
20:09 kados    and I dont' think we'll get the BSD boxes for about 6 months or so
20:10 kados    Is there some way to limit connections to an interface in Apache to certain IP ranges?
20:10 chris    you could put some basic http auth on the libraian interace
20:10 chris    certainly
20:10 chris    in your virtualhost you can have
20:11 chris    <Limit GET POST>
20:11 chris    Order allow,deny
20:11 chris    Allow from 203.79.121.240
20:11 chris    </Limit>
20:11 kados    cool ... and I suppose I could have Allow from 66.213.78.0/24 too?
20:12 chris    yep, but that is
20:12 chris    66.213.78.*
20:12 kados    ahh
20:12 chris    i think is the syntax
20:12 kados    thanks chris that will do it I think
20:12 chris    otherwise u just have lots of Allow lines
20:12 kados    I can narrow down the IP addresses of our remote branches
20:12 chris    one per ipnumber
20:12 kados    and limit connections to those IPs + our class 3
20:13 chris    right
20:13 chris    souunds like a pretty good start
20:13 chris    every other ip will get a 403
20:13 kados    I suppose IP spoofing is always a possibility
20:14 chris    yep but its raising the bar
20:14 chris    and thats what security is all about really
20:14 kados    right ...
20:14 kados    so one more question now that we're talking about security
20:15 kados    do you see Koha ever using ssh for data transfer on the opac side?
20:15 kados    (patrons data is currently clear text until it hits the server)
20:15 kados    and even then only the password is encrypted
20:15 chris    right you could put the opac on https://
20:16 kados    can I do that with virutal hosts?
20:16 kados    I thought I couldn't ...
20:16 kados    would we have to buy a certificate or something?
20:16 chris    yep
20:17 chris    and you can only have one secure site per ipnumber
20:17 kados    how seamless would that transition be do you think?
20:17 chris    ie you cant have https://koha.someth and https://opac.something if they both resolve the same ipnumber
20:17 kados    ahh
20:17 kados    well we could just use another IP for that on the same machine tho, ne?
20:18 chris    exactly
20:18 chris    and you could have http://opac just redirect to https://opac
20:18 kados    hmmm ... any good docs on how to do that?
20:18 chris    set up a secure site? or do a redirect?
20:18 kados    both
20:19 kados    I guess the first first :-)
20:19 chris    Redirect / https://opac.something
20:19 kados    hehe
20:19 chris    you just put that in ur http opac virtual host config
20:19 kados    ok ...
20:19 chris    you run apache2 right?
20:20 kados    yea ...
20:22 chris    right
20:23 chris    http://www.informit.com/articles/article.asp?p=30115&seqNum=3 might be some help
20:23 kados    cool ... thanks
21:09 kados    thanks for the help chris I think I've got a really killer httpd.conf now I just have to wait till our ISP adds the DNS so I can test it (I self-certified for now just to test)
21:09 chris    sweet
21:10 kados    I'm gonna head out ... see you tomorrow
21:10 chris    cya
21:34 tungsten can someone give me a hand getting my borrower data in?
21:34 tungsten thanks
22:13 tungsten got it in will report to wiki thanks
05:25 genji    hiya. help! problem. Subjectheadings textarea is not getting into the database.
06:16 genji    BUG FOUND!
06:28 genji    then again, bug not found. gah.
09:15 genji    hey paul, you active?
09:15 paul     lucky man ;-)
09:16 genji    hiya. help! problem. Subjectheadings textarea is not getting into the database, using saveitem.pl in acqui.simple. call to modsubject is correct, as ive tested it in perl -d.
09:16 paul     you have MARC=OFF in systemprefs ?
09:17 genji    yup.
09:17 paul     so I can't help you. You need to ask chris, he & katipo are the MARC=OFF guys. I'm the MARC=ON one ;-)
09:17 genji    k. maybe i put marc=on and try it?
09:19 genji    okay... where the... where do you put subjects in the marc biblio?
09:19 paul     in the marc biblio, everything is stored in :
09:20 paul     * marc_biblio for header
09:20 paul     * marc_subfield_table for subfields
09:20 paul     * marc_word for all words of a subfield
09:20 genji    http://intranet/cgi-bin/koha/acqui.simple/addbiblio.pl marc=on. where do i put it?
09:20 genji    there isn't any subject field.
09:20 paul     the C4::Biblio/MARCkoha2marc sub will transform a non-MARC hash info a hash one.
09:20 paul     you need to modify your cataloguing setup
09:21 paul     (Koha >> Parameters >> biblio frameworks)
09:21 paul     then select your "item" MARC field
09:21 paul     and just add your subject somewhere.
09:21 paul     in tab 10 (items), with any other constraint.
09:21 paul     oups, no
09:21 paul     sorrys.
09:22 paul     nothing to deal with "items".
09:22 paul     so :
09:22 paul     go to biblio framework
09:22 paul     select the tag (MARC field) where your subject is stored
09:22 paul     "activate" it in any tab (except 10, that is for items)
09:22 paul     add any other constraint (like "mandatory" or not...)
09:22 paul     and that's all.
09:23 paul     your MARC editor will now show it & koha will store it
09:23 paul     if you want to do everything :
09:23 paul     "link" this field to bibliosubject.subject in the non MARC DB
09:24 genji    eh.. too difficult. ill talk to chris tomorrow.
09:24 paul     too difficult, but very powerful.