First of all, upgrade to 4.3 which fixes a number of security issues. Make sure you're not running Tomcat as root. Use authbind or Linux capabilites or iptables. The possibilities are described here [1].
Make sure that you're using HTTPS at least for the login page (xmlui.force.ssl is one of the ways to acheive that). This list is non-exhaustive. For a more conceptual approach, check out [2]. [1] https://wiki.duraspace.org/display/DSPACE/Running+DSpace+on+Standard+Ports [2] https://wiki.duraspace.org/display/DSPACE/SecuringDspace Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
