Warning: This page has not been updated in over over a year and may be outdated or deprecated.
administration:security
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
administration:security [2023/08/17 12:22] – demiankatz | administration:security [2024/05/22 17:27] (current) – demiankatz | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Security ====== | + | ====== Security |
===== Unix Accounts and Permissions ===== | ===== Unix Accounts and Permissions ===== | ||
Line 150: | Line 150: | ||
If you only want to temporarily access Solr from another location, you can do so without loosening security by opening an SSH tunnel to expose the Solr port on another machine, effectively allowing " | If you only want to temporarily access Solr from another location, you can do so without loosening security by opening an SSH tunnel to expose the Solr port on another machine, effectively allowing " | ||
+ | |||
===== Locking Down the Admin Panel ===== | ===== Locking Down the Admin Panel ===== | ||
Line 173: | Line 174: | ||
When using some [[configuration: | When using some [[configuration: | ||
+ | |||
+ | See also [[administration: | ||
===== Using a Content Security Policy ===== | ===== Using a Content Security Policy ===== | ||
Starting with VuFind® 7.0, you can configure a [[administration: | Starting with VuFind® 7.0, you can configure a [[administration: | ||
+ | |||
+ | ===== Rate Limiting ===== | ||
+ | |||
+ | VuFind' | ||
===== General Best Practices ===== | ===== General Best Practices ===== | ||
Line 185: | Line 192: | ||
You should also be sure to keep your dependencies up to date through necessary operating system patching and upgrading. Make sure that you are running VuFind® in combination with up-to-date and supported versions of Linux, Apache, PHP, etc. | You should also be sure to keep your dependencies up to date through necessary operating system patching and upgrading. Make sure that you are running VuFind® in combination with up-to-date and supported versions of Linux, Apache, PHP, etc. | ||
+ | |||
+ | ==== Don't Leave Autoconfiguration Turned On ==== | ||
+ | |||
+ | It's necessary to put VuFind® into " | ||
+ | |||
+ | On a related note, while it is sometimes necessary to give Apache ownership of your configuration files to allow it to write updates to disk during autoconfiguration, | ||
+ | |||
+ | ==== Check for Vulnerability Reports ==== | ||
+ | |||
+ | If you are running an older version of the software, check for known vulnerabilities at our top-level [[: | ||
---- struct data ---- | ---- struct data ---- | ||
properties.Page Owner : | properties.Page Owner : | ||
---- | ---- | ||
administration/security.txt · Last modified: 2024/05/22 17:27 by demiankatz