[Koha] Preventing vandalism of the Koha demo sites

Ian Walls ian.walls at bywatersolutions.com
Thu Mar 25 05:47:02 NZDT 2010


Paul,


This particular vandalism was the embedding of an obscene image in the staff
client main block.  It appears to have been done by an individual human, rather
than a script.


-Ian

2010/3/24 Paul Poulain <paul.poulain at biblibre.com>

>  On 24/03/2010 16:56, Ian Walls wrote:
>
> Everyone,
>
>
>  As many of you know, the Koha demos currently linked to
> koha-community.org are hosted by ByWater Solutions.  This morning we
> noticed some offensive vandalism on the main staff page.  It has been
> removed, but it's gotten us thinking about how we can secure the demos
> better against such things in the future.
>
>  Current thinking is that we should set the database up to refresh from a
> clean copy every hour.  This would limit exposure to offensive damage to a
> brief window, but would also mean that anyone taking a tour and adding test
> records may lose them midway through their explorations.  A brief note to
> this effect should be put both outside and inside the demo, but it would
> still prove annoying.
>
>  Rather than acting unilaterally upon a community resource, we thought it
> would be best to get the community's opinions on how best to handle this.
>  Is an hour too narrow a window?  Should we only refresh certain tables
> (like systempreferences) and leave others (like biblios or borrowers)?  Are
> there other methods we should consider?
>
>  My goal is to get this taken care of by the end of the day.  If good
> ideas come in after that, though, I am of course willing to change course.
>
>  Cheers,
>
>  Could you detail what kind of vandalism it was?
> Was it a scripted attack? If yes, a simple template improvement could do
> the job on the login page (like "how much is 2x3")?
>
> --
> Paul POULAIN http://www.biblibre.com
> Expert in Free Software for information and documentation
> Tel : (33) 4 91 81 35 08
>
>
> _______________________________________________
> Koha mailing list
> Koha at lists.katipo.co.nz
> http://lists.katipo.co.nz/mailman/listinfo/koha
>
>