On Jul 8, 2008, at 12:35 PM, Gary McGath wrote: > Mark Diggory wrote: > >> Likewise I've not been very concerned about its exposure (albeit the >> submitters email address embedded there) Ideally this user info in >> the provenence metadata should contain obviscated email addresses >> like the kind that are allowed as sha signatures in FOAF persons. >> Attaching that signature as metadata to the eperson and allowing >> lookup via sha signatures would allow the admins to get back to the >> user that submitted or approved the item from the metadata. and thus >> there would be no need to hide the actual metadata fields from the >> public. > > Whatever the ideal may be, the reality is that there are e-mail > addresses in the provenance data. I consider it the basic > responsibility > of any web application not to publish people's e-mail addresses > without > their consent. The second problem, peculiar to us because of the > embargo > requirement, is the inclusion of the bitstream file names, which > make it > easy to access embargoed files. On both counts, the exposure of > provenance metadata is a serious problem and can't wait for 1.5.1.
I tend to agree. >> The "metadata/" space is currently being used as a "catch-all" for >> exposing various types of metadata to the user (at least in my >> usage), it shouldn't be difficult to block it behind either >> authentication or drop it entirely using the sitemap.xmap >> configuration of Cocoon in the dspace/modules/xmlui/src/main/webapp/ >> sitemap.xmap. You'll need to obtain a copy from the dspace-xmlui- >> webapp/src/main/webap/sitemap.xmap. > > As I said in my post, that was what I did. My first attempt was to > change "metadata" to some other string of letters (let's say > "detamata"). If I do that, Manakin hangs. I then refined the > attempt to > redirect "metadata/**" to something else. Same result. Thats odd, because theres and /internal/metadata/... internal pipeline that all this is supposed to be going through, I wonder if thats not the case then. Do your "hangs" eventually timeout? ca you get any logging out of the xmlui/WEB-INF/logs on this issue? That might expose the pipeline thats attempting to access this via / metadata rather than /internal/metadata. -Mark ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech