EPrints Technical Mailing List Archive

Message: #07791


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Security Level (Visible to:)


Hi Denis,
You should take a look at you file:

~/archives/[ARCHIVEID]/cfg/cfg.d/security.pl
And compare it with:
~/lib/defaultcfg/cfg.d/security.pl

If in your archive copy of security.pl you have a reference to:
    $r->connection->remote_ip
Under Apache 2.4, it will be broken.

This explains it: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feprints%2Feprints%2Fissues%2F214&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=8H86bMYzBLdfk2efgAbhpUjqk5GXoSu3gvaL2PWse3Y%3D&amp;reserved=0

Let me know if you need more help!
Cheers,
John

-----Original Message-----
From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of Newman D.R. via Eprints-tech
Sent: 12 April 2019 11:05
To: eprints-tech@ecs.soton.ac.uk; Denis Munyua <denis.munyua@gmail.com>
Subject: Re: [EP-tech] Security Level (Visible to:)

Hi Denis,

To confirm, you have been running Apache 2.4.25 (or at least some
version of 2.4) for some time prior to upgrading to EPrints to 3.3.16
and the problem with being able to access something you should not be
able to was not present directly prior to upgrading EPrints to 3.3.16?

Regards

David Newman

On Fri, 2019-04-12 at 12:28 +0300, Denis Munyua via Eprints-tech wrote:
> Hi John,
>
> Yes I upgraded from a previous version 3.3.* and this is not a cached
> copy. Am currently running:
> Apache/2.4.25 (Debian)
> Eprints 3.3.16
> Thanks,
>
> On Fri, Apr 12, 2019 at 12:10 PM <eprints-tech-request@ecs.soton.ac.u
> k> wrote:
> > Send Eprints-tech mailing list submissions to
> >         eprints-tech@ecs.soton.ac.uk
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >         http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tec
> > h
> > or, via email, send a message with subject or body 'help' to
> >         eprints-tech-request@ecs.soton.ac.uk
> >
> > You can reach the person managing the list at
> >         eprints-tech-owner@ecs.soton.ac.uk
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of Eprints-tech digest..."
> >
> >
> > Today's Topics:
> >
> >    1. Re: Security Level (Visible to:) (John Salter)
> >    2. Re: Security Level (Visible to:) (Yuri)
> >
> >
> > -----------------------------------------------------------------
> > -----
> >
> > Message: 1
> > Date: Fri, 12 Apr 2019 08:58:16 +0000
> > From: John Salter <J.Salter@leeds.ac.uk>
> > Subject: Re: [EP-tech] Security Level (Visible to:)
> > To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>,
> >         "Denis  Munyua" <denis.munyua@gmail.com>
> > Message-ID:
> >         <DB6PR0302MB2711A82E5F7E1E2784DD3100C4280@DB6PR0302MB2711.e
> > urprd03.prod.outlook.com>
> >
> > Content-Type: text/plain; charset="utf-8"
> >
> > Hi Denis,
> >
> > Which version of Apache are you running (probably 2.2 or 2.4)?
> > Which version of EPrints are you running?
> > Have you upgraded EPrints from a previous version?
> >
> > Cheers,
> > John
> >
> >
> > From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bou
> > nces@ecs.soton.ac.uk] On Behalf Of Denis Munyua via Eprints-tech
> > Sent: 12 April 2019 09:43
> > To: eprints-tech@ecs.soton.ac.uk
> > Subject: [EP-tech] Security Level (Visible to:)
> >
> > Greetings,
> >
> > I set up a repository some time back and I noticed that even after
> > setting the security level for the [Thesis / Dissertation] to
> > [Repository Staff Only] users are still able to view and download
> > the full text.
> >
> > Please advise.
> >
> > --
> >
> > Denis Muny?a
> > P.O. Box 12510- 00100 | Nairobi, Kenya
> > Mobile: +254 720760340
> > Skype: denis.munyua
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachme
> > nts/20190412/8137bfce/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Fri, 12 Apr 2019 11:09:49 +0200
> > From: Yuri <yurj@alfa.it>
> > Subject: Re: [EP-tech] Security Level (Visible to:)
> > To: <eprints-tech@ecs.soton.ac.uk>
> > Message-ID: <6b46a457-fa7b-6481-6754-b11bcd98081a@alfa.it>
> > Content-Type: text/plain; charset="utf-8"; format=flowed
> >
> > It is the cache in the browser?
> >
> > Il 12/04/19 10:58, John Salter via Eprints-tech ha scritto:
> > >
> > > Hi Denis,
> > >
> > > Which version of Apache are you running (probably 2.2 or 2.4)?
> > >
> > > Which version of EPrints are you running?
> > >
> > > Have you upgraded EPrints from a previous version?
> > >
> > > Cheers,
> > >
> > > John
> > >
> > > *From:*eprints-tech-bounces@ecs.soton.ac.uk
> > > [mailto:eprints-tech-bounces@ecs.soton.ac.uk] *On Behalf Of
> > *Denis
> > > Munyua via Eprints-tech
> > > *Sent:* 12 April 2019 09:43
> > > *To:* eprints-tech@ecs.soton.ac.uk
> > > *Subject:* [EP-tech] Security Level (Visible to:)
> > >
> > > Greetings,
> > >
> > > I set up a repository some time back and I noticed that even
> > after
> > > setting the security level for the [Thesis / Dissertation] to
> > > [Repository Staff Only] users are still able to view and download
> > the
> > > full text.
> > >
> > > Please advise.
> > >
> > > --
> > >
> > > Denis Muny?a
> > > P.O. Box 12510- 00100 | Nairobi, Kenya
> > > Mobile: +254 720760340
> > > Skype: denis.munyua
> > >
> > >
> > > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/epri
> > nts-tech
> > > *** Archive: https://eur03.safelinks.protection.outlook.com/?url=
> > http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprin
> > ts-
> > tech%40ecs.soton.ac.uk%7Cd415218c525a4b96b87b08d6bf26a095%7C4a5378f
> > 929f44d3ebe89669d03ada9d8%7C0&amp;sdata=5eRCuJUkBrHye1LeOIuuJOHRa5V
> > Q8KXpnhH%2Bh4Mu0Ac%3D&amp;reserved=0
> > > *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Feur03.safelinks.protection.ou&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=HO49EhMqGTheM3nn29y3qR24JpJ%2FG3ztEQ0ePj%2BP0HQ%3D&amp;reserved=0
> > tlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7C
> > eprints-
> > tech%40ecs.soton.ac.uk%7Cd415218c525a4b96b87b08d6bf26a095%7C4a5378f
> > 929f44d3ebe89669d03ada9d8%7C0&amp;sdata=v%2FsHnQc%2BCdgX9o9xIrMCr2U
> > t62A%2FxlhTv%2FB8XdyB5pM%3D&amp;reserved=0
> > > *** EPrints developers Forum: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Feur03.safelinks.protection&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=eumx2RUWvYnDxd4OSFzahsn2kcp8sWi6OnSg9omu6E0%3D&amp;reserved=0.
> > outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&amp;data=01%7C01
> > %7Ceprints-
> > tech%40ecs.soton.ac.uk%7Cd415218c525a4b96b87b08d6bf26a095%7C4a5378f
> > 929f44d3ebe89669d03ada9d8%7C0&amp;sdata=R6hKGnEdFkMlPqvLrpn0tvhY99Z
> > mLCtfzS4RFPCemzA%3D&amp;reserved=0
> >
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > Eprints-tech mailing list
> > Eprints-tech@ecs.soton.ac.uk
> > http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> >
> >
> > End of Eprints-tech Digest, Vol 127, Issue 15
> > *********************************************
> >
>
> --
> Denis Munyũa
> P.O. Box 12510- 00100 | Nairobi, Kenya
> Mobile: +254 720760340
> Skype: denis.munyua
> *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-
> tech
> *** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=LhO7A6UKBMrqYH5k2hjOpJZPzXvkV8xy52WEUnZdhY8%3D&amp;reserved=0
> *** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=DwQ7j1WXenTBbmZ2%2B9hXE8kex7gn1iQQNWy8AYluU0s%3D&amp;reserved=0
> *** EPrints developers Forum: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=BNBaKtTeLtTiMr1GSXANoTV2C91JZG362uRlBr7gl2U%3D&amp;reserved=0

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=LhO7A6UKBMrqYH5k2hjOpJZPzXvkV8xy52WEUnZdhY8%3D&amp;reserved=0
*** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=DwQ7j1WXenTBbmZ2%2B9hXE8kex7gn1iQQNWy8AYluU0s%3D&amp;reserved=0
*** EPrints developers Forum: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fforum.eprints.org%2F&amp;data=01%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cd36c4e91a4ae41aecb4108d6bf34fec8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0&amp;sdata=BNBaKtTeLtTiMr1GSXANoTV2C91JZG362uRlBr7gl2U%3D&amp;reserved=0