On Tue, Oct 30, 2012 at 4:03 PM, Ross <ross.laza...@gmail.com> wrote:

> Doesn't make sense that you can wget directly from the paste process
> if you have security properly configured!

That's what you can do with the main Galaxy site. Not sure if that's
intentional though. You can try

wget --no-check-certificate

See if you can download my own dataset without providing any credential.

> Do you have Apache authenticating and passing headers through to the
> paste process - this section in universe_wsgi.ini
> # User authentication can be delegated to an upstream proxy server (usually
> # Apache).  The upstream proxy should set a REMOTE_USER header in the
> request.
> # Enabling remote user disables regular logins.  For more information, see:
> # http://wiki.g2.bx.psu.edu/Admin/Config/Apache%20Proxy
> use_remote_user = True
> If so, you should not be able to access anything via the paste process
> directly without adding authentication headers. Once that's fixed (you
> do NOT want anyone to be able to do what you can do - it bypasses all
> security!) the apache configuration will probably need tweaking. It's
> hard to advise - it's mostly voodoo IMHO - do you have an apache
> fluent sysadmin?

We don't use Apache for authentication. Thus use_remote_user = False. Will
read more about this remote user thing.

Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:


Reply via email to