Re: [Dspace-tech] jspui
Thanks

Appreciate your info.

Rgds
Koh Kim Boon
DID 67721129 | FAX 6772 1980 | 500 Dover Road Singapore 139651 | www.sp.edu.sg

This message may contain privileged/confidential information. If you are not the intended recipient, please destroy it and notify the sender immediately. Singapore Polytechnic is not liable for any unauthorised dissemination, copying or use of this message.

From: emilio lorenzo [mailto:elore...@arvo.es]
Sent: Saturday, 11 October, 2014 3:26 PM
To: Koh Kim Boon; dspace-tech
Subject: Re: [Dspace-tech] jspui

Hi,

Yes, you can remove it (and also the other webapps if you don't use them: LNI, SWORD, ...). It is a good security practice.

Some alternatives:
a) remove it from pom.xml manifest
b) remove the directory after the build (probably this is the easiest option)
c) best luck

On 11/10/2014 7:23, Koh Kim Boon wrote:

> Hi All,
>
> Can I know if I can remove jspui as I am using only xmlui?
>
> I am using Dspace 1.8 with Tomcat 7.053, and postgres 9.1
>
> Pls advise.
>
> Koh Kim Boon

DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
[Dspace-tech] Clickjacking vulnerabilities resolution
Hi

Can anyone advise if they have added in the code for X-frame-Options to Tomcat or Dspace to

This is one example

* Running HTTPS service
  HTTP request to https://dspace.lib.sp.edu.sg/xmlui/WEB-INF/.svn/entries
  HTTP response code was an expected 200
  HTTP header 'X-Frame-Options' not present
  HTTP header 'X-Frame-Options' not present

I am using Dspace 1.8 with Tomcat 7.053, and postgres 9.1

Koh Kim Boon
[Dspace-tech] jspui
Hi All,

Can I know if I can remove jspui as I am using only xmlui?

I am using Dspace 1.8 with Tomcat 7.053, and postgres 9.1

Pls advise.

Koh Kim Boon
Re: [Dspace-tech] Security vulnerability - Blind SQL injection
Hi

As we are a government related agency, our IT agency does a regular security scan to check for weakness or vulnerabilities.

Koh Kim Boon
Department of Information and Digital Technology (Library Solutions)
500 Dover Road, Singapore 139651
DID: 67721129 Tel: 67721160 Fax: 61121969
Email: koh_kim_b...@sp.edu.sg

From: Hilton Gibson [mailto:hilton.gib...@gmail.com]
Sent: Friday, 30 May 2014 4:10 PM
To: Koh Kim Boon
Cc: dspace-tech@lists.sourceforge.net
Subject: Re: [Dspace-tech] Security vulnerability - Blind SQL injection

On 30 May 2014 03:32, Koh Kim Boon koh_kim_b...@sp.edu.sg wrote:

> Recently my dspace server had a security scan and one of the vulnerabilities listed is blind sql injection.

Hi Koh

Can you tell us exactly the nature of the security scan

Thanks.

Hilton Gibson
Ubuntu Linux Systems Administrator
JS Gericke Library, Room 1025D
Stellenbosch University
Private Bag X5036, Stellenbosch 7599, South Africa
Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://scholar.sun.ac.za
http://bit.ly/goodir
http://library.sun.ac.za
http://za.linkedin.com/in/hiltongibson
[Dspace-tech] Security vulnerability - Blind SQL injection
Hi Guys

Recently my dspace server had a security scan and one of the vulnerabilities listed is blind sql injection.

I am using Dspace 1.8 with Tomcat 7.053, and postgres 9.1

Can I know if I need to upgrade to resolve the vulnerability issue, or the current configuration is already sufficient to eliminate the risk.

Example of the risk

http://dspace.***.**/xmlui/handle/get/90/discover using method POST
Parameter query behaves differently with the following payloads:
10' OR '16123'='16123
10' AND '16123'='16124

Koh Kim Boon
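
An added example, not part of the original post and not DSpace code: it replays the two payloads from the scan report against a constructed in-memory SQLite table, once through a string-concatenated query and once through a bound parameter, to show the differential signal a scanner reports as blind SQL injection. The table, function names and sample rows are assumptions made for the illustration.

```python
import sqlite3

# Payload pair quoted in the scan report above.
TRUE_PAYLOAD = "10' OR '16123'='16123"
FALSE_PAYLOAD = "10' AND '16123'='16124"


def make_db():
    """Constructed sample table for the illustration; not DSpace's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE item (id TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO item VALUES (?, ?)",
        [("10", "Thesis A"), ("11", "Thesis B"), ("12", "Report C")],
    )
    return db


def search_concat(db, query):
    """Vulnerable form: the parameter is pasted into the SQL text."""
    sql = "SELECT title FROM item WHERE id = '" + query + "'"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, query):
    """Hardened form: the parameter is bound, so its quotes stay data."""
    sql = "SELECT title FROM item WHERE id = ?"
    return [row[0] for row in db.execute(sql, (query,))]


def differential(search, db):
    """Row counts for (baseline, true payload, false payload)."""
    return tuple(len(search(db, q)) for q in ("10", TRUE_PAYLOAD, FALSE_PAYLOAD))


def looks_injectable(counts):
    """The scanner's heuristic: the always-true and always-false payloads differ."""
    _, true_n, false_n = counts
    return true_n != false_n


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", search_concat), ("bound", search_bound)):
        counts = differential(fn, db)
        print(name, counts, "flagged" if looks_injectable(counts) else "not flagged")
```

A differing response on its own does not prove SQL is involved: a search backend that treats OR and AND as query operators would also answer the two payloads differently, so a finding like this is triaged by checking how the code path behind the parameter builds its query.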