On Tue, Oct 30, 2012 at 12:00 PM, Umair Kayani <[email protected]> wrote:
> Can anyone share what are the application security details that dspace is
> following. Since this is an open source so I want to make sure that
> application level security is strict enough for the hackers to chip in.

Can you be more specific about what you'd like to know?

DSpace doesn't have a separate security team, but if you report any vulnerability, I'm sure it would guarantee an immediate minor release as soon as a patch is available.

Like you correctly observed, DSpace is open source, so you're free to perform a security audit of the codebase or have an external company do that. But it's equally important to have the underlying architecture secured - your operating system, JDK, Tomcat, database.

There's a page on securing DSpace on our wiki:
https://wiki.duraspace.org/display/DSPACE/SecuringDspace

> In case of password based authentication which hashing algorithm it is
> following for password.

DSpace PasswordAuthentication method up to 1.8.2 used MD5-hashed passwords. Starting from 3.0, there will be a salted SHA-512 multi-round hash generated for new users (and for existing users next time they log in).

Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
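
The upgrade path described in the reply above (unsalted MD5 up to 1.8.2, salted multi-round SHA-512 from 3.0, applied to existing users at their next login), as an added example that is not part of the original message and is not DSpace's code. The round count, salt length, record layout and all function names are assumptions.

```python
import hashlib
import hmac
import os

ROUNDS = 1024     # assumed round count; the message gives no number
SALT_BYTES = 16   # assumed salt length

def legacy_md5(password):
    """Old format: unsalted MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def salted_sha512(password, salt, rounds=ROUNDS):
    """Salted, iterated SHA-512 (illustrative construction, not DSpace's)."""
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha512(salt + digest).digest()
    return digest.hex()

def new_record(password):
    salt = os.urandom(SALT_BYTES)
    return {"algorithm": "SHA-512", "salt": salt.hex(), "rounds": ROUNDS,
            "hash": salted_sha512(password, salt)}

def login(record, password):
    """Check a password; on success, replace a legacy MD5 record in place."""
    if record["algorithm"] == "MD5":
        ok = hmac.compare_digest(record["hash"], legacy_md5(password))
        if ok:
            # The plaintext is only available during login, so re-hash now.
            record.clear()
            record.update(new_record(password))
        return ok
    expected = salted_sha512(password, bytes.fromhex(record["salt"]),
                             record["rounds"])
    return hmac.compare_digest(record["hash"], expected)

def still_legacy(users):
    """Accounts that have not logged in since the upgrade keep MD5 hashes."""
    return sorted(n for n, r in users.items() if r["algorithm"] == "MD5")

# Constructed sample accounts, as they would look before the upgrade.
USERS = {
    "alice": {"algorithm": "MD5", "hash": legacy_md5("correct horse")},
    "bob": {"algorithm": "MD5", "hash": legacy_md5("battery staple")},
}

if __name__ == "__main__":
    print(login(USERS["alice"], "correct horse"), still_legacy(USERS))
```

Accounts returned by `still_legacy` remain stored as MD5 until their owners log in, so they are the ones to review after such an upgrade.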

