Paul,<div><br></div><div><br></div><div>This particular vandalism was the embedding of an obscene image in the staff client main block. It appears to have been done by an individual human, rather than a script.</div><div><br></div>
<div><br></div><div>-Ian<br><br><div class="gmail_quote">2010/3/24 Paul Poulain <span dir="ltr"><<a href="mailto:paul.poulain@biblibre.com">paul.poulain@biblibre.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div text="#000000" bgcolor="#ffffff">
On 24/03/2010 16:56, Ian Walls wrote:
<div><div></div><div class="h5"><blockquote type="cite">Everyone,
<div><br>
</div>
<div><br>
</div>
<div>As many of you know, the Koha demos currently linked to <a href="http://koha-community.org" target="_blank">koha-community.org</a>
are hosted by ByWater Solutions. This morning we noticed some
offensive vandalism on the main staff page. It has been removed, but
it's gotten us thinking about how we can secure the demos better
against such things in the future. </div>
<div><br>
</div>
<div>Current thinking is that we should set the database up to
refresh from a clean copy every hour. This would limit exposure to
offensive damage to a brief window, but would also mean that anyone
taking a tour and adding test records may lose them midway through
their explorations. A brief note to this effect should be put both
outside and inside the demo, but it would still prove annoying.</div>
<div><br>
</div>
<div>Rather than acting unilaterally upon a community resource, we
thought it would be best to get the community's opinions on how best to
handle this. Is an hour too narrow a window? Should we only refresh
certain tables (like systempreferences) and leave others (like biblios
or borrowers)? Are there other methods we should consider?</div>
<div><br>
</div>
<div>My goal is to get this taken care of by the end of the day. If
good ideas come in after that, though, I am of course willing to change
course.</div>
<div><br>
</div>
<div>Cheers,</div>
<br>
</blockquote></div></div>
Could you detail what kind of vandalism it was?<br>
Was it a scripted attack? If yes, a simple template improvement could
do the job on the login page (like "how much is 2x3")?<br><font color="#888888">
<pre cols="72">--
Paul POULAIN
<a href="http://www.biblibre.com" target="_blank">http://www.biblibre.com</a>
Free Software expert for information and documentation
Tel : (33) 4 91 81 35 08</pre>
</font></div>
<br>_______________________________________________<br>
Koha mailing list<br>
<a href="mailto:Koha@lists.katipo.co.nz">Koha@lists.katipo.co.nz</a><br>
<a href="http://lists.katipo.co.nz/mailman/listinfo/koha" target="_blank">http://lists.katipo.co.nz/mailman/listinfo/koha</a><br>
<br></blockquote></div><br></div>