Technical Aspects of SLiMS

SLiMS Technical Aspects Hendro Wicaksono SLiMS Lead Developer hendrowicaksono@yahoo.com/gmail.com. Twitter: @hendrowicaksono, Facebook: facebook.com/hendrowicaksono

Internet (HTTP Protocol) request response Web Server Create, read, update, delete http://slims.web.id request response

Kenapa & MySQL ? Portabilitas yang lebih baik.

Terbukti berjalan baik pada ...

SCM software Source code management menggunakan GIT ( http://git-scm.com/ )

Update Harian Versi stabil terakhir: SliMS 3 stable 15 (Matoa) https://github.com/slims/s3st15_matoa Development page: https://github.com/slims Download paket tarball: http://slims.web.id/web/?q=node/1 Web: http://slims.web.id

Dokumentasi Developer Developer: https://github.com/slims/s3-devdocs

Dokumentasi Pengguna http://slims.web.id/download/docs/s3-doc-id.pdf Documentation source code (daily updated): https://github.com/slims/s3-doc-id (latex/lyx format)

SLiMS menyimpan data Data bibliografi, pengguna, transaksi disimpan di database MySQL. Cover data bibliografi, lampiran berkas (file attachment), cache (label, barcode, swf), Foto anggota, Back-up (sql), generated report, disimpan di filesystem .

Strategi Back-up (1) Export “sqldump” secara berkala. Jika di Linux, gunakan cron.

Strategi Back-up (2) Copy folder aplikasi SliMS secara berkala. Jika di Linux, gunakan cron.

Contoh skrip untuk backup #!/bin/sh # membersihkan folder backup rm -Rf /home/hendro/backup/* # membuat subfolder sql utk menyimpan mkdir -p /home/hendro/backup/slims_backup/sql mkdir -p /home/hendro/backup/slims_backup/app # dumping sql data /usr/bin/mysqldump -u root --lock-tables --password='mysqlrootpasswd' slimsdb > /home/hendro/backup/slims_backup/sql/slims.sql # copy app folder cp -R /var/www/libsenayan /home/hendro/backup/senayan_backup/app/ tar -czf /home/hendro/backup/`date +%Y_%m_%d-%d_%B_%Y-%H_%M`.tar.gz -C /home/hendro/backup/slims_backup scp /home/hendro/backup/*.tar.gz hendro@10.0.0.145:/home/hendro/backup_senayan/ >/dev/null 2>&1 exit

Contoh Implementasi (1) Perpustakaan Kemdiknas RI Production Server OPAC Library Staff Backup/File Server request/ response request/ response backup frequently via cron & ssh Internet OPAC update frequently via cron & ssh Intranet / LAN Internet / DMZ Untuk akses OPAC, diinstal SLiMS terpisah tetapi mengacu ke database yang sama dengan username database yang “almost read-only”. Untuk sinkronisasi folder 'images', files, repository antara aplikasi prod & opac, digunakan rsync via cron. Server Internet OPAC tidak terkoneksi langsung dengan Production Server. Akses ke database MySQL di set “read-only” (GRANT SELECT ON dbname.* TO [email_address] IDENTIFIED BY 'paswd') Via cron, secara berkala (15 menit) database di restore.

Contoh Implementasi (2) Sebuah Institusi Pemerintah & instansi swasta bidang perminyakan Production Server Staff Library Staff MS Active Directory Server request/ response request/ response Intranet / LAN Internet / DMZ Librarian & member login via LDAP for single sign-on support

SLiMS Hardening Tips Hendro Wicaksono

Separate database access (1) ,[object Object]

Full Access for Librarian Login

Separate database access (2) Read-Only for OPAC GRANT SELECT ON senayandb.* TO [email_address] IDENTIFIED BY 'password_rahasia'; GRANT UPDATE ON senayandb.member TO [email_address] ; Full Access for Librarian Login GRANT ALL PRIVILEGES ON senayandb.* TO [email_address] IDENTIFIED BY 'password_rahasia_juga'; FLUSH PRIVILEGES;

Separate database access (3) Create 2 sysconfig files: ,[object Object]

Separate database access (4) In sysconfig-opac.inc.php: define('DB_USERNAME', 'opacuser'); define('DB_PASSWORD', 'password_rahasia'); In sysconfig.inc.php: define('DB_USERNAME', 'slimsadmin'); define('DB_PASSWORD', 'password_rahasia_juga');

Separate database access (5) Edit index.php: require '../sysconfig.inc.php'; change to require '../sysconfig-opac.inc.php';

Separate database access (6) Since SLiMS version 3 stable 15 (matoa), just copy sysconfig.local.inc.php to sysconfig.local.fa.inc.php and adjust the database connection setting for admin user.

Access Restriction based on IP Address to Librarian Login.

IP Restriction to LibLogin Edit lib/contents/login.inc.php: $allowed_liblogin_ip = array('127.0.0.1'); $remote_addr = $_SERVER['REMOTE_ADDR']; $confirmation = 0; foreach ($allowed_liblogin_ip as $ip) { if ($ip == $remote_addr) { $confirmation = 1; } } if (!$confirmation) { header ("location:index.php"); }

HTTP Secure Connection to Librarian Login

HTTPS Secure Connection (1) Edit lib/contents/login.inc.php: if ($_SERVER['SERVER_PORT'] != '443') { header ("location:index.php"); }

HTTPS Secure Connection (2) Edit admin/index.php: if ($_SERVER['SERVER_PORT'] != '443') { header ("location:../index.php"); }

Security by obscurity (1) Remove link to Librarian Login in OPAC

Security by obscurity (2) <li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li> Change to <!-- <li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li> -> Or delete the line.

Do not use shared account. Every staff should login with their own account. Separate Account for Staffs

Choose the right Operating System for your needs. Choose the Right OS

Suhosin! sudo apt-get install php5-suhosin PHP Hardening

Choose the web server with built-in security features

Technical Aspects of SLiMS

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Technical Aspects of SLiMS

Ähnlich wie Technical Aspects of SLiMS (20)

Mehr von hendrowicaksono

Mehr von hendrowicaksono (11)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Technical Aspects of SLiMS