[Koha] Questions on data security, liability and RFP issues

Michael Lake mikel at speleonics.com.au
Sat Nov 6 16:36:43 NZDT 2004


Chris Cormack wrote:
> The security we have on koha, is that the librarian interface is behind
> password authentication, but you can disable this. What HLT does and other
> libraries we have worked with do, is not make the librarian interface
> available to the world. This can be done by restricting access to only
> certain ips, or only available on a lan. 

Here is just one thing that you can do as an example.
Have a look at the file /etc/apache/koha-httpd.conf

Where you have:

# OPAC Interface
<VirtualHost mymachine:8000>
lots of settings ....
</VirtualHost>

# Intranet Interface
<VirtualHost mymachine:8080>
lots of settings ....
Allow From 123.456.789.4
</VirtualHost>

you can add an 'Allow from' directive to the web server to disallow 
access to other than the ip address 123.456.789.4

Best though is to work through what you have with the Sys Admin that 
runs the systems.

Mike










More information about the Koha mailing list