[Dspace-devel] [DSJ] Commented: (DS-685) Remove sensitive information from HTML comments

Tue, 12 Oct 2010 14:16:03 -0700 

    [ 
http://jira.dspace.org/jira/browse/DS-685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=11780#action_11780
 ] 

Kim Shepherd commented on DS-685:
---------------------------------

+1, though not so much for "security" reasons** as "let's not encourage 
crawlers to find links that might reference restricted bistreams" reasons. ;-)


** (anyone with a basic knowledge of XMLUI knows how to construct the 
/metadata/ links, and they're also referenced from the DRI you can see with 
/DRI/ or ?XML, so if exposure of this mets is considered a risk, you basically 
have to restrict it yourself, via sitemap or some other means... and make sure 
OpenSearch still works afterwards)

> Remove sensitive information from HTML comments
> -----------------------------------------------
>
>                 Key: DS-685
>                 URL: http://jira.dspace.org/jira/browse/DS-685
>             Project: DSpace 1.x
>          Issue Type: Bug
>          Components: XMLUI
>    Affects Versions: 1.6.2
>         Environment: xmlui
>            Reporter: Peter Dietz
>            Priority: Minor
>
> In the HTML output of an XMLUI page contains the link to the external 
> metadata mets doc, which could contain information about the item, and 
> bitstreams that the UI is suppressing. 
> view-source:http://demo.dspace.org/xmlui/handle/1842/206
> <!-- External Metadata URL: cocoon://metadata/handle/1842/206/mets.xml--> 
> This is useful to see during development, however, on production systems its 
> unnecessary. If there is a config added to specify that you are in 
> development mode, vs production mode, then that would need to be documented, 
> and added to dspace.cfg

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel

Reply via email to