have a firewall on it and only open the port to jspui or xmlui On 4/23/19, Mark H. Wood <[email protected]> wrote: > On Tue, Apr 23, 2019 at 09:56:48AM -0700, Ramón Cordeiro wrote: >> How can I hidden the credentials inside dspace.cfg. These data are in >> plain >> text and I worry about hacker atack. >> >> Is there a way to encryp or hidden these data in the same time the dspace >> >> work without problem ? > > No. This is a general problem, not restricted to DSpace. If the > credentials in the DSpace configuration were encrypted, DSpace could > not start without the decryption key, which would have to be stored on > the system in plain text. > > No closed system can be fully protected by secrets. It must hold at > least one unprotected secret or it cannot fully start. That one > unprotected secret could be used by an intruder to get the other > secrets. > > The only way around this that I know of is to open the system: > require an operator to provide the key at startup. How to do that > would be very dependent on the local operating environment and > policies. > > Here we use normal filesystem permissions to restrict access to the > DSpace configuration from console users; use the DBMS' access controls > to limit which remote hosts can connect to the database; and do not > expose remote console access on a public address. > > -- > Mark H. Wood > Lead Technology Analyst > > University Library > Indiana University - Purdue University Indianapolis > 755 W. Michigan Street > Indianapolis, IN 46202 > 317-274-0749 > www.ulib.iupui.edu > > -- > All messages to this mailing list should adhere to the DuraSpace Code of > Conduct: https://duraspace.org/about/policies/code-of-conduct/ > --- > You received this message because you are subscribed to the Google Groups > "DSpace Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/dspace-community. > For more options, visit https://groups.google.com/d/optout. >
-- All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/ --- You received this message because you are subscribed to the Google Groups "DSpace Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-community. For more options, visit https://groups.google.com/d/optout.
