← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
| Time | Nick | Message |
|---|---|---|
| 16:41 | owen | So Koha has a system preference for date format, right? Does anyone know of an example in the code where that date format is applied? |
| 16:54 | Oh, I see. Right in front of me. | |
| 19:59 | kados | chris around? |
| 19:59 | I've got a quick apache security question | |
| 20:00 | I'm wondering whether it's any less safe to setup Koha on only port 80 and use the virtual host ServerName directive to distinguish between opac and intranet (opac.athen.. and intranet.athen...) | |
| 20:01 | so use <VirtualHost *:80> | |
| 20:01 | for both | |
| 20:01 | ambrose | i don't think it's any less safe, fwiw |
| 20:01 | kados | cool, thanks |
| 20:02 | chris | nope no less safe really |
| 20:02 | kados | do you know what the reason for putting intranet on 8080 was originally? |
| 20:02 | chris | lots of ppl dont run their own dns |
| 20:02 | originally it wasnt on 8080 | |
| 20:03 | that came in round 1.2.0 | |
| 20:03 | kados | oh :-) |
| 20:03 | chris | because people often only had somehting.something.something |
| 20:03 | and couldnt make the koha.something and opac.something etc | |
| 20:04 | kados | ahh ... makes sense |
| 20:04 | thanks chris | |
| 20:04 | chris | at hlt koha.something resolves to an ipnumber that is only available internally |
| 20:04 | kados | yea that's what I'm thinking of doing |
| 20:04 | chris | cool |
| 20:04 | kados | too bad our network is a bit fragmented these days |
| 20:05 | we used to have strictly internal ip ranges that all branches could access | |
| 20:05 | but now we've got several branches using dsl and cable modem and they only have one IP ... | |
| 20:05 | I suppose i could setup virtual tunneling | |
| 20:06 | but not on our routers as they stand ... | |
| 20:06 | Stephen liked the idea of using fanless OpenBSD boxes so that may happen here soon | |
| 20:06 | chris | sweet :) |
| 20:07 | kados | for now I'm trying to figure out a way to get our next Koha 2.2 machine securely configured without those nifty BSD guys |
| 20:08 | We have to use a public IP since several of our branches have to cross the internet cloud to get to our main branch | |
| 20:08 | any suggestions? | |
| 20:08 | chris | ipsec tunnels? |
| 20:08 | kados | hmmm ... |
| 20:09 | chris | ie build a little vpn |
| 20:09 | and have the librarian interface available on that | |
| 20:09 | kados | yea ... but we can't do that with our current routers |
| 20:09 | chris | ahh right |
| 20:09 | kados | and I dont' think we'll get the BSD boxes for about 6 months or so |
| 20:10 | Is there some way to limit connections to an interface in Apache to certain IP ranges? | |
| 20:10 | chris | you could put some basic http auth on the libraian interace |
| 20:10 | certainly | |
| 20:10 | in your virtualhost you can have | |
| 20:11 | <Limit GET POST> | |
| 20:11 | Order allow,deny | |
| 20:11 | Allow from 203.79.121.240 | |
| 20:11 | </Limit> | |
| 20:11 | kados | cool ... and I suppose I could have Allow from 66.213.78.0/24 too? |
| 20:12 | chris | yep, but that is |
| 20:12 | 66.213.78.* | |
| 20:12 | kados | ahh |
| 20:12 | chris | i think is the syntax |
| 20:12 | kados | thanks chris that will do it I think |
| 20:12 | chris | otherwise u just have lots of Allow lines |
| 20:12 | kados | I can narrow down the IP addresses of our remote branches |
| 20:12 | chris | one per ipnumber |
| 20:12 | kados | and limit connections to those IPs + our class 3 |
| 20:13 | chris | right |
| 20:13 | souunds like a pretty good start | |
| 20:13 | every other ip will get a 403 | |
| 20:13 | kados | I suppose IP spoofing is always a possibility |
| 20:14 | chris | yep but its raising the bar |
| 20:14 | and thats what security is all about really | |
| 20:14 | kados | right ... |
| 20:14 | so one more question now that we're talking about security | |
| 20:15 | do you see Koha ever using ssh for data transfer on the opac side? | |
| 20:15 | (patrons data is currently clear text until it hits the server) | |
| 20:15 | and even then only the password is encrypted | |
| 20:15 | chris | right you could put the opac on https:// |
| 20:16 | kados | can I do that with virutal hosts? |
| 20:16 | I thought I couldn't ... | |
| 20:16 | would we have to buy a certificate or something? | |
| 20:16 | chris | yep |
| 20:17 | and you can only have one secure site per ipnumber | |
| 20:17 | kados | how seamless would that transition be do you think? |
| 20:17 | chris | ie you cant have https://koha.someth and https://opac.something if they both resolve the same ipnumber |
| 20:17 | kados | ahh |
| 20:17 | well we could just use another IP for that on the same machine tho, ne? | |
| 20:18 | chris | exactly |
| 20:18 | and you could have http://opac just redirect to https://opac | |
| 20:18 | kados | hmmm ... any good docs on how to do that? |
| 20:18 | chris | set up a secure site? or do a redirect? |
| 20:18 | kados | both |
| 20:19 | I guess the first first :-) | |
| 20:19 | chris | Redirect / https://opac.something |
| 20:19 | kados | hehe |
| 20:19 | chris | you just put that in ur http opac virtual host config |
| 20:19 | kados | ok ... |
| 20:19 | chris | you run apache2 right? |
| 20:20 | kados | yea ... |
| 20:22 | chris | right |
| 20:23 | http://www.informit.com/articl[…]?p=30115&seqNum=3 might be some help | |
| 20:23 | kados | cool ... thanks |
| 21:09 | thanks for the help chris I think I've got a really killer httpd.conf now I just have to wait till our ISP adds the DNS so I can test it (I self-certified for now just to test) | |
| 21:09 | chris | sweet |
| 21:10 | kados | I'm gonna head out ... see you tomorrow |
| 21:10 | chris | cya |
| 21:34 | tungsten | can someone give me a hand getting my borrower data in? |
| 21:34 | thanks | |
| 22:13 | got it in will report to wiki thanks | |
| 05:25 | genji | hiya. help! problem. Subjectheadings textarea is not getting into the database. |
| 06:16 | BUG FOUND! | |
| 06:28 | then again, bug not found. gah. | |
| 09:15 | hey paul, you active? | |
| 09:15 | paul | lucky man ;-) |
| 09:16 | genji | hiya. help! problem. Subjectheadings textarea is not getting into the database, using saveitem.pl in acqui.simple. call to modsubject is correct, as ive tested it in perl -d. |
| 09:16 | paul | you have MARC=OFF in systemprefs ? |
| 09:17 | genji | yup. |
| 09:17 | paul | so I can't help you. You need to ask chris, he & katipo are the MARC=OFF guys. I'm the MARC=ON one ;-) |
| 09:17 | genji | k. maybe i put marc=on and try it? |
| 09:19 | okay... where the... where do you put subjects in the marc biblio? | |
| 09:19 | paul | in the marc biblio, everything is stored in : |
| 09:20 | * marc_biblio for header | |
| 09:20 | * marc_subfield_table for subfields | |
| 09:20 | * marc_word for all words of a subfield | |
| 09:20 | genji | http://intranet/cgi-bin/koha/a[…]mple/addbiblio.pl marc=on. where do i put it? |
| 09:20 | there isn't any subject field. | |
| 09:20 | paul | the C4::Biblio/MARCkoha2marc sub will transform a non-MARC hash info a hash one. |
| 09:20 | you need to modify your cataloguing setup | |
| 09:21 | (Koha >> Parameters >> biblio frameworks) | |
| 09:21 | then select your "item" MARC field | |
| 09:21 | and just add your subject somewhere. | |
| 09:21 | in tab 10 (items), with any other constraint. | |
| 09:21 | oups, no | |
| 09:21 | sorrys. | |
| 09:22 | nothing to deal with "items". | |
| 09:22 | so : | |
| 09:22 | go to biblio framework | |
| 09:22 | select the tag (MARC field) where your subject is stored | |
| 09:22 | "activate" it in any tab (except 10, that is for items) | |
| 09:22 | add any other constraint (like "mandatory" or not...) | |
| 09:22 | and that's all. | |
| 09:23 | your MARC editor will now show it & koha will store it | |
| 09:23 | if you want to do everything : | |
| 09:23 | "link" this field to bibliosubject.subject in the non MARC DB | |
| 09:24 | genji | eh.. too difficult. ill talk to chris tomorrow. |
| 09:24 | paul | too difficult, but very powerful. |
← Previous day | Today | Next day → | Search | Index