[Koha] Preventing vandalism of the Koha demo sites

Paul Poulain paul.poulain at biblibre.com
Thu Mar 25 05:22:57 NZDT 2010


Le 24/03/2010 16:56, Ian Walls a écrit :
> Everyone,
>
>
> As many of you know, the Koha demos currently linked to
> koha-community.org <http://koha-community.org> are hosted by ByWater
> Solutions.  This morning we noticed some offensive vandalism on the
> main staff page.  It has been removed, but it's gotten us thinking
> about how we can secure the demos better against such things in the
> future.  
>
> Current thinking is that we should set the database up to refresh from
> a clean copy every hour.  This would limit exposure to offensive
> damage to a brief window, but would also mean that anyone taking a
> tour and adding test records may lose them midway through their
> explorations.  A brief note to this effect should be put both outside
> and inside the demo, but it would still prove annoying.
>
> Rather than acting unilaterally upon a community resource, we thought
> it would be best to get the community's opinions on how best to handle
> this.  Is an hour too narrow a window?  Should we only refresh certain
> tables (like systempreferences) and leave others (like biblios or
> borrowers)?  Are there other methods we should consider?
>
> My goal is to get this taken care of by the end of the day.  If good
> ideas come in after that, though, I am of course willing to change course.
>
> Cheers,
>
Could you detail what kind of vandalism it was ?
Was it a scripted attack ? if yes, a simple template improvement could
do the job on the login page (like "how much is 2x3")?

-- 
Paul POULAIN
http://www.biblibre.com
Expert en Logiciels Libres pour l'info-doc
Tel : (33) 4 91 81 35 08

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20100324/33a9bb68/attachment.htm 


More information about the Koha mailing list