Maybe, but the downside is that DSpace cannot be used in an IPv4/IPv6 dual stack
setup currently. And those will become more and more common...

> -----Original Message-----
> From: Alan Orth [mailto:[email protected]]
> Sent: Wednesday, July 02, 2014 9:49 PM
> To: Becker, Pascal-Nicolas; [email protected]
> Subject: Re: [Dspace-tech] IPv4/6 double stack setup and session hijacking
> prevention
> 
> Well, if this *was* a session hijacking attempt... wouldn't it look exactly
> like this?  ie, DSpace would be actually protecting you. :)
> 
> Alan
> 
> On 06/08/2014 03:34 PM, Becker, Pascal-Nicolas wrote:
> > Hi,
> >
> >
> > today I used my test installation of DSpace for the first time from
> > home where I have IPv4 and IPv6 in a dual stack setup. My server has
> > an IPv4 and IPv6 connection as well, but in my office I currently have
> > IPv4 only. So today I was using DSpace JSPUI (master branch from early
> > May 2014) in an IPv4/IPv6 dual stack setup for the first time.
> >
> >
> > While using DSpace I was asked to login every two minutes. As this was
> > quite annoying I looked into dspace.log and found the following line:
> >
> >
> > 2014-06-08 14:01:13,201 WARN  org.dspace.app.webui.util.UIUtil @
> > POSSIBLE HIJACKED SESSION: request from
> > 2001:6f8:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX does not match original
> > session address: 85.XXX.XXX.XXX. Authentication rejected.
> >
> >
> > I think the problem is obvious: My Mac is alternating between using IPv4
> > and IPv6 to connect to my DSpace installation. DSpace detects this as a
> > possible session hijacking attack and invalidates my session.
> >
> >
> > Has anyone had the same problem (already)? Has anyone an idea how to
> > solve this problem? And please don't suggest that I use either IPv4 or
> > IPv6. ;-)
> >
> >
> > Regards,
> >
> >   Pascal
> >
> >
> > P.S. A solution could be to save an IPv4 and an IPv6 address to prevent
> > session hijacking while supporting IPv4/6 double stack setups. But
> > even then we could run into problems with IPv6 privacy extensions...
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > DSpace-tech mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/dspace-tech
> > List Etiquette:
> > https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
> >
> 
> 
> --
> Alan Orth
> [email protected]
> http://alaninkenya.org
> http://mjanja.co.ke
> "I have always wished for my computer to be as easy to use as my
> telephone; my wish has come true because I can no longer figure out how to
> use my telephone." -Bjarne Stroustrup, inventor of C++
> GPG public key ID: 0x8cb0d0acb5cd81ec209c6cdfbd1a0e09c2f836c0


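The per-family binding that Pascal's P.S. proposes, as an added example written for this thread (not DSpace's UIUtil code); it models the one-address check beside a version that binds one IPv4 address plus one IPv6 /64 prefix, so a dual-stack client and privacy-extension rotation inside the same prefix no longer trip the hijack check. The class, function names and sample addresses (documentation ranges) are constructed for the example.

```python
from typing import Optional, Union
import ipaddress

class SessionBinding:
    """Addresses a session is bound to: one IPv4 address and one IPv6 prefix.

    Hypothetical model, not DSpace's own session code. Binding IPv6 by prefix
    rather than by full address tolerates privacy-extension rotation within a /64.
    """
    def __init__(self, ipv6_prefix_len: int = 64) -> None:
        self.ipv4: Optional[ipaddress.IPv4Address] = None
        self.ipv6_prefix: Optional[ipaddress.IPv6Network] = None
        self.ipv6_prefix_len = ipv6_prefix_len

def _normalize(addr: str) -> Union[ipaddress.IPv4Address, ipaddress.IPv6Address]:
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so an IPv4
    client reaching a dual-stack socket is treated as IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def single_address_check(session_addr: str, request_addr: str) -> bool:
    """Simplified model of a one-address session check: any change is a hijack."""
    return _normalize(session_addr) == _normalize(request_addr)

def dual_stack_check(binding: SessionBinding, request_addr: str) -> bool:
    """Accept the request if it matches the bound address for its family.

    The first request seen over each family binds that family; a later request
    over the same family from a different address (v4) or prefix (v6) is rejected.
    """
    ip = _normalize(request_addr)
    if ip.version == 4:
        if binding.ipv4 is None:
            binding.ipv4 = ip
            return True
        return ip == binding.ipv4
    prefix = ipaddress.IPv6Network(f"{ip}/{binding.ipv6_prefix_len}", strict=False)
    if binding.ipv6_prefix is None:
        binding.ipv6_prefix = prefix
        return True
    return prefix == binding.ipv6_prefix

if __name__ == "__main__":
    # Constructed sample addresses, not the ones from the log line above.
    v4, v6a, v6b = "192.0.2.10", "2001:db8:1:2:aaaa::1", "2001:db8:1:2:bbbb::2"
    print("one-address check, v4 then v6:", single_address_check(v4, v6a))  # False
    b = SessionBinding()
    print("dual-stack, v4 then v6:", dual_stack_check(b, v4), dual_stack_check(b, v6a))  # True True
    print("same /64 after rotation:", dual_stack_check(b, v6b))  # True
    print("different /64:", dual_stack_check(b, "2001:db8:9:9::1"))  # False
```

A client that has already bound both families still cannot be joined from a third address, so the check keeps its value against an attacker on a different network while no longer rejecting the dual-stack user every few minutes.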