On Sat, Feb 12, 2011 at 12:07:42PM -0600, Thornton, Susan M. (LARC-B702)[LITES] wrote: > Does anyone know if it’s possible to block a single ip address from > accessing a DSpace instance? I’ve tried it through the postgres pg_hba.conf > file and, while I can successfully block a user from accessing the dspace > database via, say PGAdminIII, it doesn’t block them from accessing the site.
Pg only sees connections from the DSpace host, regardless of the source of any session which causes those connections to be opened. You *should* block nearly everyone from connecting to Pg, but though necessary for good security this isn't sufficient. An address filter in the Tomcat setup, in HTTPD if you use it, and/or host and/or site firewalls, would be good ways to tackle this. -- Mark H. Wood, Lead System Programmer [email protected] Asking whether markets are efficient is like asking whether people are smart.
pgp4t9xYRAPRJ.pgp
Description: PGP signature
------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech
