I've previously only interacted with DSpace as a user so please pardon the 'newb' questions. I'm trying to (re)create a repository that anyone can search via a website but only certain authorized local users can modify.
Given these authentication rules: host dspace dspace 127.0.0.1 255.255.255.255 md5 local all all peer host all all 127.0.0.1/32 ident Aren't all the connections local, (explicitly or due to the 127 address)? When I have DSpace setup with Tomcat does the database see that as a local or host connection? Because if it's a host connection then the md5 host rule will kick in and the user will have to supply a password. And even then, given the ADDRESS it's still a local connection, right? So I assumed DSpace web connections would be translated into local (Tomcat => 'dspace') database queries/connections. If my 'dspace' database user had no authority to do anything dangerous and all access attempts are filtered through Tomcat as 'dspace' could I just 'trust' the connection since I (hopefully) can trust Tomcat? Then users wouldn't need a password to search our repository. Something like this: host dspace dspace 127.0.0.1 255.255.255.255 md5 local dspace dspace trust local all all peer host all all 127.0.0.1/32 ident Or would that open my site up to all sorts of mischief? Note: I don't have the Tomcat interface up so I haven't yet tested any of this from a browser. -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
