Differences
This shows you the differences between two versions of the page.
administration:security [2020/09/01 06:29] – [Proxies and IP Authentication] emaijala | administration:security [2022/10/18 17:03] – [Securing User Credentials] demiankatz |
---|
| |
VuFind stores some user information in its database. Starting with VuFind 2.0RC1, you have the option to perform extra hashing/encryption to protect these credentials. The settings are off by default in [[configuration:files:config.ini]], but they can be enabled through VuFind's auto-configuration pages. Enabling security is highly recommended. | VuFind stores some user information in its database. Starting with VuFind 2.0RC1, you have the option to perform extra hashing/encryption to protect these credentials. The settings are off by default in [[configuration:files:config.ini]], but they can be enabled through VuFind's auto-configuration pages. Enabling security is highly recommended. |
| |
| When using some [[configuration:authentication]] options, you have the ability to pre-populate user ILS credentials in the database. In some scenarios, it is possible to configure ILS drivers to look up users based only on usernames or other "public knowledge" fields. In these cases, you should disable direct user login using the allowUserLogin setting in the [Catalog] section of [[configuration:files:config.ini]] to eliminate the possibility of users attempting to impersonate one another. |
| |
===== Using a Content Security Policy ===== | ===== Using a Content Security Policy ===== |
Starting with VuFind 7.0, you can configure a [[administration:security:content_security_policy|content security policy]] to protect against cross-site scripting and other vulnerabilities. See the [[administration:security:content_security_policy|content security policy]] page for more details. | Starting with VuFind 7.0, you can configure a [[administration:security:content_security_policy|content security policy]] to protect against cross-site scripting and other vulnerabilities. See the [[administration:security:content_security_policy|content security policy]] page for more details. |
---- struct data ---- | ---- struct data ---- |
| properties.Page Owner : |
---- | ---- |
| |
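Review bot: In the paragraph added on the new side about pre-populated ILS credentials, the instruction to "disable direct user login using the allowUserLogin setting" never states which value disables it or what the default is, so an administrator cannot act on it without opening config.ini. Suggest naming the value to set and saying which authentication options and ILS drivers allow lookup by username or other "public knowledge" fields, so readers can tell whether their installation is affected. The paragraph also sits in the Securing User Credentials section, which is about hashing/encryption of stored credentials, while this text is about impersonation through ILS login; a short heading of its own would make it easier to find.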