[dspace-tech] Change password
Dear Dspace team, To improve security, when the password is changed due to forgetfulness, it should be necessary to request the current password, Dspace 6.3 Thanks in advance Jaime Solorzano -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/55b578e1-6de1-45d5-9647-e4fe49d2ecabn%40googlegroups.com.
[dspace-tech] Strong passwords in Dspace
Dear Dsapce Team, To increase security, policies must be implemented for the construction of strong passwords, for authentication or registration. Dspace 6.3 Thanks in advance Jaime Solorzano -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/ccbf045a-af28-4498-842a-45a55cf6ad02n%40googlegroups.com.
[dspace-tech] Validate the entries
Dear Dspace Team The eperson-list module in the endpoint tools does not correctly validate the entries in the search parameter, which makes it possible to enter malicious scripts that could affect the confidentiality of users who trust this information system. Sanitization of application data inputs should be applied through filtering functions at the source code level. Test in Dspace 6.3 [image: error3.JPG] Thanks in advance Jaime Solorzano -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/6a7f50be-bfc4-4b28-bb10-1097a277a94dn%40googlegroups.com.
[dspace-tech] Access system information
Dear Dspace Team When analyzing the different endpoints of the application, it is observed that it is possible to access system information without the required authorization. This behavior allows an attacker to obtain information such as full names and email addresses. [image: error2.png] Thanks in advance Jaime Solorzano -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/a547aa19-2e8b-479a-8611-27a44b2f38c1n%40googlegroups.com.
[dspace-tech] Error public
Dear DSpace Team, The errors that occur in DSpace, expose technical information publicly, we propose that this information be at the administrator level. Thanks in advance Jaime Solorzano -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/5c41e8eb-e21a-4d8d-ad90-09b3d25e31d4n%40googlegroups.com.
[dspace-tech] Session ID
Dear DSpace Team, We have detected that Dspace must generate a new session id once the user authenticates successfully or only assign the session id after authentication Thanks in advance, Jaime Solorzano -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/4e1a2f58-1a68-45bf-a70f-00f12cfec8e4n%40googlegroups.com.
Re: [dspace-tech] AWS S3 Connection Pool Error
Hi Peter has made updates for version 6? Apparently it's a bit different from what you've posted. I have the same problem with S3 in Dspace v.6 (pool Error) Jaime El viernes, 26 de mayo de 2017, 10:32:05 (UTC-5), Peter Dietz escribió: > > The TransferManager code just made the implementation simpler. Otherwise > you have to write code that determines how large the bitstream is, and if > its small, transfer the file to somewhere in memory, and then stream that, > or if its larger, you could store it to temp file, and then stream that. > You also have to ensure that you delete the temp file when complete. If its > very large, larger than 5GB, you can't transfer that in a single GET. The > TransferManager code handles the multipart uploads and download. Also, it > can give a performance benefit, where GET and PUT can be done multi-thread > multi-part, instead of a single long running GET or PUT to S3. The > transfermanager also seemed to do a good job of closing resources when the > transfer was complete. > > > http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/transfer/TransferManager.html > High level utility for managing transfers to Amazon S3. > > TransferManager provides a simple API for uploading content to Amazon S3, > and makes extensive use of Amazon S3 multipart uploads to achieve enhanced > throughput, performance and reliability. > > When possible, TransferManager attempts to use multiple threads to upload > multiple parts of a single upload at once. When dealing with large content > sizes and high bandwidth, this can have a significant increase on > throughput. > > TransferManager is responsible for managing resources such as connections > and threads; share a single instance of TransferManager whenever > possible. TransferManager, like all the client classes in the AWS SDK for > Java, is thread safe. Call TransferManager.shutdownNow() to release the > resources once the transfer is complete. > > > Peter Dietz > Longsight > www.longsight.com > pe...@longsight.com > p: 740-599-5005 x809 > > On Fri, May 26, 2017 at 9:18 AM,> wrote: > >> Thanks Peter, >> >> I have implemented most of your changes on the DSpace 6 code and now I'm >> not running out of connections. I haven't updated to use the Transfer >> Manager yet and I was wondering what advantage you found using the Transfer >> Manager over the original implementation. >> >> Thanks, >> Justin >> >> On Thursday, May 18, 2017 at 11:02:22 AM UTC-4, Peter Dietz wrote: >>> >>> Hi Justin, >>> >>> With production use, and encountering similar issues to you, I have made >>> fixes to our code to protect against http connection leaking with AWS S3 >>> assetstore, and also to handle larger uploads/downloads. Here is some >>> commit history to the (5.x) S3BitStore: >>> https://github.com/LongsightGroup/DSpace/commits/longsight-5.6/dspace-api/src/main/java/org/dspace/storage/bitstore/impl/S3BitStore.java >>> >>> >>> >>> Peter Dietz >>> Longsight >>> www.longsight.com >>> pe...@longsight.com >>> p: 740-599-5005 x809 >>> >>> On Thu, May 18, 2017 at 10:57 AM, Claudia Jürgen < >>> claudia...@tu-dortmund.de> wrote: >>> Hello jcdalton, which UI are you using and are you using google analytics? For the time being you may set the config parameter db.maxidle to something else than -1 see https://jira.duraspace.org/browse/DS-3564?jql=text%20~%20%22maxidle%22 Hope this helps Claudia Jürgen Am 18.05.2017 um 16:25 schrieb jcda...@email.wm.edu: > I'm using S3 as a bitstore on DSpace 6 and I'm coming up with a lot of > errors like the following: > > com.amazonaws.http.AmazonHttpClient @ Unable to execute HTTP request: > Timeout waiting for connection from pool > org.apache.http.conn.ConnectionPoolTimeoutException: Timeout waiting > for > connection from pool > > It looks to me like either DSpace isn't closing the connections as it > should. Anyone else had this issue? > > Thanks > > -- Claudia Juergen Eldorado Technische Universität Dortmund Universitätsbibliothek Vogelpothsweg 76 44227 Dortmund Tel.: +49 231-755 40 43 Fax: +49 231-755 40 32 claudia...@tu-dortmund.de www.ub.tu-dortmund.de Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie ist ausschließlich für den Adressaten bestimmt. Sollten Sie nicht der für diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Vielen Dank. Unbeschadet der Korrespondenz per E-Mail, sind unsere Erklärungen ausschließlich final rechtsverbindlich, wenn sie in herkömmlicher Schriftform (mit eigenhändiger Unterschrift) oder durch Übermittlung eines solchen Schriftstücks per Telefax erfolgen.
[dspace-tech] Re: Cleanup in S3 Storage
I was watching this but it does not https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/storage/bitstore/S3BitStoreService.java#L247 Jaime El miércoles, 11 de enero de 2017, 11:59:27 (UTC-5), Jaime Solorzano escribió: > > Hello > > I see that cleanup does not delete the s3 files, which method should be > used? > > Someone done this? > > > Jaime Solorzano > -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
[dspace-tech] Re: Cleanup in S3 Storage
Him Peter no! :( My user allows to delete objects (Check the policies and I did it manually), but not delete from my bucket, Does not show anything in my log, Could you do the test please? This is very interesting, right? Jaime -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.
[dspace-tech] Cleanup in S3 Storage
Hello I see that cleanup does not delete the s3 files, which method should be used? Someone done this? Jaime Solorzano -- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To post to this group, send email to dspace-tech@googlegroups.com. Visit this group at https://groups.google.com/group/dspace-tech. For more options, visit https://groups.google.com/d/optout.