Time |
S |
Nick |
Message |
16:41 |
|
owen |
So Koha has a system preference for date format, right? Does anyone know of an example in the code where that date format is applied? |
16:54 |
|
owen |
Oh, I see. Right in front of me. |
19:59 |
|
kados |
chris around? |
19:59 |
|
kados |
I've got a quick apache security question |
20:00 |
|
kados |
I'm wondering whether it's any less safe to setup Koha on only port 80 and use the virtual host ServerName directive to distinguish between opac and intranet (opac.athen.. and intranet.athen...) |
20:01 |
|
kados |
so use <VirtualHost *:80> |
20:01 |
|
kados |
for both |
20:01 |
|
ambrose |
i don't think it's any less safe, fwiw |
20:01 |
|
kados |
cool, thanks |
20:02 |
|
chris |
nope no less safe really |
20:02 |
|
kados |
do you know what the reason for putting intranet on 8080 was originally? |
20:02 |
|
chris |
lots of ppl dont run their own dns |
20:02 |
|
chris |
originally it wasnt on 8080 |
20:03 |
|
chris |
that came in round 1.2.0 |
20:03 |
|
kados |
oh :-) |
20:03 |
|
chris |
because people often only had something.something.something |
20:03 |
|
chris |
and couldnt make the koha.something and opac.something etc |
20:04 |
|
kados |
ahh ... makes sense |
20:04 |
|
kados |
thanks chris |
20:04 |
|
chris |
at hlt koha.something resolves to an ipnumber that is only available internally |
20:04 |
|
kados |
yea that's what I'm thinking of doing |
20:04 |
|
chris |
cool |
20:04 |
|
kados |
too bad our network is a bit fragmented these days |
20:05 |
|
kados |
we used to have strictly internal ip ranges that all branches could access |
20:05 |
|
kados |
but now we've got several branches using dsl and cable modem and they only have one IP ... |
20:05 |
|
kados |
I suppose i could setup virtual tunneling |
20:06 |
|
kados |
but not on our routers as they stand ... |
20:06 |
|
kados |
Stephen liked the idea of using fanless OpenBSD boxes so that may happen here soon |
20:06 |
|
chris |
sweet :) |
20:07 |
|
kados |
for now I'm trying to figure out a way to get our next Koha 2.2 machine securely configured without those nifty BSD guys |
20:08 |
|
kados |
We have to use a public IP since several of our branches have to cross the internet cloud to get to our main branch |
20:08 |
|
kados |
any suggestions? |
20:08 |
|
chris |
ipsec tunnels? |
20:08 |
|
kados |
hmmm ... |
20:09 |
|
chris |
ie build a little vpn |
20:09 |
|
chris |
and have the librarian interface available on that |
20:09 |
|
kados |
yea ... but we can't do that with our current routers |
20:09 |
|
chris |
ahh right |
20:09 |
|
kados |
and I don't think we'll get the BSD boxes for about 6 months or so |
20:10 |
|
kados |
Is there some way to limit connections to an interface in Apache to certain IP ranges? |
20:10 |
|
chris |
you could put some basic http auth on the librarian interface |
20:10 |
|
chris |
certainly |
20:10 |
|
chris |
in your virtualhost you can have |
20:11 |
|
chris |
<Limit GET POST> |
20:11 |
|
chris |
Order allow,deny |
20:11 |
|
chris |
Allow from 203.79.121.240 |
20:11 |
|
chris |
</Limit> |
20:11 |
|
kados |
cool ... and I suppose I could have Allow from 66.213.78.0/24 too? |
20:12 |
|
chris |
yep, but that is |
20:12 |
|
chris |
66.213.78.* |
20:12 |
|
kados |
ahh |
20:12 |
|
chris |
i think is the syntax |
20:12 |
|
kados |
thanks chris that will do it I think |
20:12 |
|
chris |
otherwise u just have lots of Allow lines |
20:12 |
|
kados |
I can narrow down the IP addresses of our remote branches |
20:12 |
|
chris |
one per ipnumber |
20:12 |
|
kados |
and limit connections to those IPs + our class 3 |
20:13 |
|
chris |
right |
20:13 |
|
chris |
sounds like a pretty good start |
20:13 |
|
chris |
every other ip will get a 403 |
20:13 |
|
kados |
I suppose IP spoofing is always a possibility |
20:14 |
|
chris |
yep but its raising the bar |
20:14 |
|
chris |
and thats what security is all about really |
20:14 |
|
kados |
right ... |
20:14 |
|
kados |
so one more question now that we're talking about security |
20:15 |
|
kados |
do you see Koha ever using ssh for data transfer on the opac side? |
20:15 |
|
kados |
(patrons data is currently clear text until it hits the server) |
20:15 |
|
kados |
and even then only the password is encrypted |
20:15 |
|
chris |
right you could put the opac on https:// |
20:16 |
|
kados |
can I do that with virtual hosts? |
20:16 |
|
kados |
I thought I couldn't ... |
20:16 |
|
kados |
would we have to buy a certificate or something? |
20:16 |
|
chris |
yep |
20:17 |
|
chris |
and you can only have one secure site per ipnumber |
20:17 |
|
kados |
how seamless would that transition be do you think? |
20:17 |
|
chris |
ie you cant have https://koha.someth and https://opac.something if they both resolve the same ipnumber |
20:17 |
|
kados |
ahh |
20:17 |
|
kados |
well we could just use another IP for that on the same machine tho, ne? |
20:18 |
|
chris |
exactly |
20:18 |
|
chris |
and you could have http://opac just redirect to https://opac |
20:18 |
|
kados |
hmmm ... any good docs on how to do that? |
20:18 |
|
chris |
set up a secure site? or do a redirect? |
20:18 |
|
kados |
both |
20:19 |
|
kados |
I guess the first first :-) |
20:19 |
|
chris |
Redirect / https://opac.something |
20:19 |
|
kados |
hehe |
20:19 |
|
chris |
you just put that in ur http opac virtual host config |
20:19 |
|
kados |
ok ... |
20:19 |
|
chris |
you run apache2 right? |
20:20 |
|
kados |
yea ... |
20:22 |
|
chris |
right |
20:23 |
|
chris |
http://www.informit.com/articl[…]?p=30115&seqNum=3 might be some help |
20:23 |
|
kados |
cool ... thanks |
21:09 |
|
kados |
thanks for the help chris I think I've got a really killer httpd.conf now I just have to wait till our ISP adds the DNS so I can test it (I self-certified for now just to test) |
21:09 |
|
chris |
sweet |
21:10 |
|
kados |
I'm gonna head out ... see you tomorrow |
21:10 |
|
chris |
cya |
21:34 |
|
tungsten |
can someone give me a hand getting my borrower data in? |
21:34 |
|
tungsten |
thanks |
22:13 |
|
tungsten |
got it in will report to wiki thanks |
05:25 |
|
genji |
hiya. help! problem. Subjectheadings textarea is not getting into the database. |
06:16 |
|
genji |
BUG FOUND! |
06:28 |
|
genji |
then again, bug not found. gah. |
09:15 |
|
genji |
hey paul, you active? |
09:15 |
|
paul |
lucky man ;-) |
09:16 |
|
genji |
hiya. help! problem. Subjectheadings textarea is not getting into the database, using saveitem.pl in acqui.simple. call to modsubject is correct, as ive tested it in perl -d. |
09:16 |
|
paul |
you have MARC=OFF in systemprefs ? |
09:17 |
|
genji |
yup. |
09:17 |
|
paul |
so I can't help you. You need to ask chris, he & katipo are the MARC=OFF guys. I'm the MARC=ON one ;-) |
09:17 |
|
genji |
k. maybe i put marc=on and try it? |
09:19 |
|
genji |
okay... where the... where do you put subjects in the marc biblio? |
09:19 |
|
paul |
in the marc biblio, everything is stored in : |
09:20 |
|
paul |
* marc_biblio for header |
09:20 |
|
paul |
* marc_subfield_table for subfields |
09:20 |
|
paul |
* marc_word for all words of a subfield |
09:20 |
|
genji |
http://intranet/cgi-bin/koha/a[…]mple/addbiblio.pl marc=on. where do i put it? |
09:20 |
|
genji |
there isn't any subject field. |
09:20 |
|
paul |
the C4::Biblio/MARCkoha2marc sub will transform a non-MARC hash into a hash one. |
09:20 |
|
paul |
you need to modify your cataloguing setup |
09:21 |
|
paul |
(Koha >> Parameters >> biblio frameworks) |
09:21 |
|
paul |
then select your "item" MARC field |
09:21 |
|
paul |
and just add your subject somewhere. |
09:21 |
|
paul |
in tab 10 (items), with any other constraint. |
09:21 |
|
paul |
oops, no |
09:21 |
|
paul |
sorry. |
09:22 |
|
paul |
nothing to deal with "items". |
09:22 |
|
paul |
so : |
09:22 |
|
paul |
go to biblio framework |
09:22 |
|
paul |
select the tag (MARC field) where your subject is stored |
09:22 |
|
paul |
"activate" it in any tab (except 10, that is for items) |
09:22 |
|
paul |
add any other constraint (like "mandatory" or not...) |
09:22 |
|
paul |
and that's all. |
09:23 |
|
paul |
your MARC editor will now show it & koha will store it |
09:23 |
|
paul |
if you want to do everything : |
09:23 |
|
paul |
"link" this field to bibliosubject.subject in the non MARC DB |
09:24 |
|
genji |
eh.. too difficult. ill talk to chris tomorrow. |
09:24 |
|
paul |
too difficult, but very powerful. |