[dspace-tech] Change password

2022-02-18 Thread Jaime Solorzano
Dear Dspace team,

To improve security, when the password is changed due to forgetfulness, it 
should be necessary to request the current password. DSpace 6.3

Thanks in advance


Jaime Solorzano


-- 
All messages to this mailing list should adhere to the Code of Conduct: 
https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx
--- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/dspace-tech/55b578e1-6de1-45d5-9647-e4fe49d2ecabn%40googlegroups.com.


[dspace-tech] Strong passwords in Dspace

2022-02-18 Thread Jaime Solorzano
Dear DSpace Team,

To increase security, policies must be implemented for the construction of 
strong passwords, for authentication or registration. Dspace 6.3

Thanks in advance

Jaime Solorzano



[dspace-tech] Validate the entries

2022-02-11 Thread Jaime Solorzano
Dear Dspace Team

The eperson-list module in the endpoint tools does not correctly validate 
the entries in the search parameter, which makes it possible to enter 
malicious scripts that could affect the confidentiality of users who trust 
this information system.

Sanitization of application data inputs should be applied through filtering 
functions at the source code level.

Test in Dspace 6.3

[image: error3.JPG]



Thanks in advance

Jaime Solorzano
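
An added example, not part of the original message and not DSpace code: one way to apply the filtering the report asks for, combining an allowlist check on the search parameter with HTML encoding at the point where the value is written back into the page. The class name, the allowlist pattern and the sample inputs are assumptions.

```java
import java.util.regex.Pattern;

final class SearchParam {
    // Assumed policy for a people search: letters, digits, space and the
    // punctuation found in names and e-mail addresses, at most 64 characters.
    private static final Pattern ALLOWED =
            Pattern.compile("[\\p{L}\\p{N} .@_'-]{0,64}");

    /** Returns the trimmed query if it passes the allowlist, else "". */
    static String validate(String raw) {
        if (raw == null) {
            return "";
        }
        String q = raw.trim();
        return ALLOWED.matcher(q).matches() ? q : "";
    }

    /** Encodes text for an HTML element body or a quoted attribute value. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs, not taken from the report.
        String[] samples = {"O'Brien", "maria@example.org", "<script>x</script>"};
        for (String raw : samples) {
            String q = validate(raw);
            System.out.println("search term : " + (q.isEmpty() ? "(rejected)" : q));
            // Whatever is echoed into the page is encoded, accepted or not.
            System.out.println("rendered as : " + escapeHtml(raw));
        }
    }
}
```

The allowlist narrows what reaches the search; the encoding is what keeps a value from being interpreted as markup, so it is applied to every echo of the parameter, including error messages.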



[dspace-tech] Access system information

2022-02-11 Thread Jaime Solorzano
Dear Dspace Team

When analyzing the different endpoints of the application, it is observed 
that it is possible to access system information without the required 
authorization. This behavior allows an attacker to obtain information such 
as full names and email addresses.

[image: error2.png]



Thanks in advance

Jaime Solorzano





[dspace-tech] Error public

2022-02-11 Thread Jaime Solorzano
Dear DSpace Team,

The errors that occur in DSpace expose technical information publicly; we 
propose that this information be at the administrator level.

Thanks in advance

Jaime Solorzano



[dspace-tech] Session ID

2022-02-11 Thread Jaime Solorzano
Dear DSpace Team,

We have detected that DSpace must generate a new session ID once the user 
authenticates successfully, or only assign the session ID after 
authentication.

Thanks in advance,

Jaime Solorzano
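
An added example, not part of the original message and not DSpace code: a servlet-side helper that replaces the pre-login session with a new one once credentials have been verified, so a session ID issued before authentication is never the one bound to the user. The class name and the `CARRY_OVER` attribute names are hypothetical; it compiles against the `javax.servlet` API.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

final class SessionRenewal {
    // Hypothetical attribute names worth keeping across login (for example the
    // page to return to); everything else in the anonymous session is dropped.
    private static final List<String> CARRY_OVER = Arrays.asList("locale", "returnUrl");

    private SessionRenewal() {
    }

    /**
     * Call after the credentials have been verified and before any user
     * identity is stored in the session.
     */
    static HttpSession renew(HttpServletRequest request) {
        Map<String, Object> kept = new HashMap<>();
        HttpSession old = request.getSession(false);
        if (old != null) {
            for (String name : CARRY_OVER) {
                Object value = old.getAttribute(name);
                if (value != null) {
                    kept.put(name, value);
                }
            }
            // The ID the browser held before login stops being valid here.
            old.invalidate();
        }
        // The container issues a fresh ID and sends it in a new cookie.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> e : kept.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```

On containers that implement Servlet 3.1 or later, `request.changeSessionId()` rotates the ID in one call while keeping the session's attributes.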



Re: [dspace-tech] AWS S3 Connection Pool Error

2017-06-06 Thread Jaime Solorzano
Hi Peter 

Have you made updates for version 6? Apparently it's a bit different from what 
you've posted.


I have the same problem with S3 in Dspace v.6 (pool Error)

Jaime



On Friday, May 26, 2017 at 10:32:05 (UTC-5), Peter Dietz wrote:
>
> The TransferManager code just made the implementation simpler. Otherwise 
> you have to write code that determines how large the bitstream is, and if 
> it's small, transfer the file to somewhere in memory, and then stream that, 
> or if it's larger, you could store it to a temp file, and then stream that. 
> You also have to ensure that you delete the temp file when complete. If it's 
> very large, larger than 5GB, you can't transfer that in a single GET. The 
> TransferManager code handles the multipart uploads and downloads. Also, it 
> can give a performance benefit, where GET and PUT can be done multi-thread 
> multi-part, instead of a single long-running GET or PUT to S3. The 
> TransferManager also seemed to do a good job of closing resources when the 
> transfer was complete.
>
>
> http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/transfer/TransferManager.html
> High level utility for managing transfers to Amazon S3.
>
> TransferManager provides a simple API for uploading content to Amazon S3, 
> and makes extensive use of Amazon S3 multipart uploads to achieve enhanced 
> throughput, performance and reliability.
>
> When possible, TransferManager attempts to use multiple threads to upload 
> multiple parts of a single upload at once. When dealing with large content 
> sizes and high bandwidth, this can have a significant increase on 
> throughput.
>
> TransferManager is responsible for managing resources such as connections 
> and threads; share a single instance of TransferManager whenever 
> possible. TransferManager, like all the client classes in the AWS SDK for 
> Java, is thread safe. Call TransferManager.shutdownNow() to release the 
> resources once the transfer is complete.
>
> 
> Peter Dietz
> Longsight
> www.longsight.com
> pe...@longsight.com 
> p: 740-599-5005 x809
>
> On Fri, May 26, 2017 at 9:18 AM,  
> wrote:
>
>> Thanks Peter,
>>
>> I have implemented most of your changes on the DSpace 6 code and now I'm 
>> not running out of connections.  I haven't updated to use the Transfer 
>> Manager yet and I was wondering what advantage you found using the Transfer 
>> Manager over the original implementation.
>>
>> Thanks,
>> Justin
>>
>> On Thursday, May 18, 2017 at 11:02:22 AM UTC-4, Peter Dietz wrote:
>>>
>>> Hi Justin,
>>>
>>> With production use, and encountering similar issues to you, I have made 
>>> fixes to our code to protect against http connection leaking with AWS S3 
>>> assetstore, and also to handle larger uploads/downloads. Here is some 
>>> commit history to the (5.x) S3BitStore: 
>>> https://github.com/LongsightGroup/DSpace/commits/longsight-5.6/dspace-api/src/main/java/org/dspace/storage/bitstore/impl/S3BitStore.java
>>>
>>>
>>> 
>>> Peter Dietz
>>> Longsight
>>> www.longsight.com
>>> pe...@longsight.com
>>> p: 740-599-5005 x809
>>>
>>> On Thu, May 18, 2017 at 10:57 AM, Claudia Jürgen <
>>> claudia...@tu-dortmund.de> wrote:
>>>
>>>> Hello jcdalton,
>>>>
>>>> which UI are you using and are you using google analytics?
>>>>
>>>> For the time being you may set the config parameter db.maxidle to
>>>> something else than -1
>>>> see
>>>> https://jira.duraspace.org/browse/DS-3564?jql=text%20~%20%22maxidle%22
>>>>
>>>> Hope this helps
>>>>
>>>> Claudia Jürgen
>>>>
>>>>
>>>> On 18.05.2017 at 16:25, jcda...@email.wm.edu wrote:
>>>>
>>>>> I'm using S3 as a bitstore on DSpace 6 and I'm coming up with a lot of
>>>>> errors like the following:
>>>>>
>>>>> com.amazonaws.http.AmazonHttpClient @ Unable to execute HTTP request:
>>>>> Timeout waiting for connection from pool
>>>>> org.apache.http.conn.ConnectionPoolTimeoutException: Timeout waiting for connection from pool
>>>>>
>>>>> It looks to me like either DSpace isn't closing the connections as it
>>>>> should.  Anyone else had this issue?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>> --
>>>> Claudia Juergen
>>>> Eldorado
>>>>
>>>> Technische Universität Dortmund
>>>> Universitätsbibliothek
>>>> Vogelpothsweg 76
>>>> 44227 Dortmund
>>>>
>>>> Tel.: +49 231-755 40 43
>>>> Fax: +49 231-755 40 32
>>>> claudia...@tu-dortmund.de
>>>> www.ub.tu-dortmund.de


[dspace-tech] Re: Cleanup in S3 Storage

2017-01-11 Thread Jaime Solorzano


I was watching this but it does not

https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/storage/bitstore/S3BitStoreService.java#L247


Jaime


On Wednesday, January 11, 2017 at 11:59:27 (UTC-5), Jaime Solorzano 
wrote:
>
> Hello
>
> I see that cleanup does not delete the S3 files. Which method should be 
> used? 
>
> Has someone done this?
>
>
> Jaime Solorzano
>

-- 
You received this message because you are subscribed to the Google Groups 
"DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to dspace-tech+unsubscr...@googlegroups.com.
To post to this group, send email to dspace-tech@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.


[dspace-tech] Re: Cleanup in S3 Storage

2017-01-11 Thread Jaime Solorzano
Hi Peter 

no! :( 

My user allows to delete objects (Check the policies and I did it 
manually), but not delete from my bucket, 

Does not show anything in my log,  Could you do the test please? 


This is very interesting, right?

Jaime



[dspace-tech] Cleanup in S3 Storage

2017-01-11 Thread Jaime Solorzano
Hello

I see that cleanup does not delete the S3 files. Which method should be 
used? 

Has someone done this?


Jaime Solorzano
