Hello All,

The DSpace instance I am working on will be used to facilitate data sharing
of very sensitive information, for example, identifiable health-related
information. Hence, there is a need to make it a very secure application. I
am in the process of obtaining information on what needs to be done in
order to make it secure: server configurations, application configuration,
database security, etc.

Currently, I have set up the application on one server and the database on
another. Upon reading the dspace documentation, however, I figured that the
assetstore directory contains the uploaded data.

1. Any ideas on how I can secure this directory? Is it possible to
retrieve the item if the directory gets compromised or does the database
have some key which is required to retrieve the item?

2. Does it make more sense to move the assetstore directory to a secure
location? If yes, how can I go about doing this? Since the database will
have login credentials for all registered users, and the fact that
registered users have access to the protected information, should I
consider keeping the assetstore directory and database separated from where
the application resides?

3. Any configuration settings on Apache httpd and tomcat other than making
dspace run on https?

4. How can I perform an audit on the system? For example, get a list of
users who downloaded a particular item.

I would greatly appreciate any help and insights into making the dspace application a
very secure one. I would also be more than happy to document all the steps
(once I have it all figured out and tried and tested) for the benefit of
anyone interested.

Regards,
Shazia
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
