If you are running Tomcat behind a reverse proxy like Nginx or Apache
(HTTPD), you should be able to restrict access to the /xmlui/metadata/ path
to localhost only.
For Nginx this would look like:
location /xmlui/metadata {
allow 127.0.0.1;
deny all;
}
I'm not sure if anything in DSpace requires public access to
/xmlui/metadata, so test this in development first...
Jacob
On Friday, November 2, 2018 at 3:04:40 AM UTC-5, Paul Münch wrote:
>
> Hello,
>
> I like to share an issue which bother me a little bit. We use DSpace 6.3
> with XMLUI. It is possible to see metadata and bitstream information of
> restricted items, if someone knows the handle ( e.g. crawl all handles
> of the repository ) and uses this URL:
> [dspace-url]/metadata/handle/.../mets.xml ( or ./ore.xml ). The
> bitstreams are not downloadable but everybody could look into restricted
> information.
>
> Are you aware of this or have you some workarounds?
>
> Kind regards,
>
> Paul Münch
>
> --
> Philipps-Universität Marburg | UB
> Digitale Dienste | Deutschhausstraße 9 | D018
> Tel. +49 06421 28-24624
> --
>
>
>
--
All messages to this mailing list should adhere to the DuraSpace Code of
Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.
