
Technical Aspects of SLiMS


Published in: Education, Technology
Technical Aspects of SLiMS

  1. 1. SLiMS Technical Aspects Hendro Wicaksono SLiMS Lead Developer hendrowicaksono@yahoo.com/gmail.com. Twitter: @hendrowicaksono, Facebook: facebook.com/hendrowicaksono
  2. 2. Internet (HTTP Protocol) request response Web Server Create, read, update, delete http://slims.web.id request response
  3. 3. Why & MySQL? Better portability.
  4. 4. Proven to run well on ...
  5. 5. SCM software: source code management using Git ( http://git-scm.com/ )
  6. 6. Daily Updates. Latest stable version: SLiMS 3 stable 15 (Matoa) https://github.com/slims/s3st15_matoa Development page: https://github.com/slims Tarball package download: http://slims.web.id/web/?q=node/1 Web: http://slims.web.id
  7. 7. Developer Documentation: https://github.com/slims/s3-devdocs
  8. 8. User Documentation: http://slims.web.id/download/docs/s3-doc-id.pdf Documentation source code (daily updated): https://github.com/slims/s3-doc-id (latex/lyx format)
  9. 9. How SLiMS stores data: Bibliographic, user, and transaction data are stored in the MySQL database. Bibliographic cover images, file attachments, cache (label, barcode, swf), member photos, back-ups (sql), and generated reports are stored on the filesystem.
  10. 10. Back-up Strategy (1) Export an "sqldump" periodically. On Linux, use cron.
  11. 11. Back-up Strategy (2) Copy the SLiMS application folder periodically. On Linux, use cron.
  12. 12. Example backup script

          #!/bin/sh
          # clean out the backup folder
          rm -Rf /home/hendro/backup/*
          # create the sql and app subfolders that hold the backup
          mkdir -p /home/hendro/backup/slims_backup/sql
          mkdir -p /home/hendro/backup/slims_backup/app
          # dump the SQL data
          # (a password on the command line is visible in the process list;
          #  an option file readable only by the backup user avoids that)
          /usr/bin/mysqldump -u root --lock-tables --password='mysqlrootpasswd' slimsdb > /home/hendro/backup/slims_backup/sql/slims.sql
          # copy the app folder into the staging folder created above
          cp -R /var/www/libsenayan /home/hendro/backup/slims_backup/app/
          # archive the staged backup; the trailing "." tells tar what to archive
          tar -czf /home/hendro/backup/`date +%Y_%m_%d-%d_%B_%Y-%H_%M`.tar.gz -C /home/hendro/backup/slims_backup .
          # copy the archive to the backup server
          scp /home/hendro/backup/*.tar.gz hendro@10.0.0.145:/home/hendro/backup_senayan/ >/dev/null 2>&1
          exit
  13. 13. Example Implementation (1): Perpustakaan Kemdiknas RI. Diagram labels: Production Server, OPAC, Library Staff, Backup/File Server; request/response; backup frequently via cron & ssh; Internet OPAC update frequently via cron & ssh; Intranet / LAN; Internet / DMZ. For OPAC access, a separate SLiMS is installed but points to the same database with an "almost read-only" database username. To synchronize the 'images', files, and repository folders between the prod and OPAC applications, rsync via cron is used. The Internet OPAC server is not directly connected to the Production Server. Access to the MySQL database is set to "read-only" (GRANT SELECT ON dbname.* TO [email_address] IDENTIFIED BY 'paswd'). Via cron, the database is restored periodically (every 15 minutes).
  14. 14. Example Implementation (2): A government institution & a private institution in the petroleum sector. Diagram labels: Production Server, Staff, Library Staff, MS Active Directory Server; request/response; Intranet / LAN; Internet / DMZ. Librarian & member login via LDAP for single sign-on support.
  15. 15. SLiMS Hardening Tips Hendro Wicaksono
  16. 16. Separate database access.
  17. 17. Separate database access (1) Read-Only for OPAC
  18. 18. Full Access for Librarian Login
  19. 19. Separate database access (2)

      Read-Only for OPAC:

          GRANT SELECT ON senayandb.* TO [email_address] IDENTIFIED BY 'password_rahasia';
          GRANT UPDATE ON senayandb.member TO [email_address] ;

      Full Access for Librarian Login:

          GRANT ALL PRIVILEGES ON senayandb.* TO [email_address] IDENTIFIED BY 'password_rahasia_juga';
          FLUSH PRIVILEGES;
  20. 20. Separate database access (3) Create 2 sysconfig files: sysconfig.inc.php
  21. 21. sysconfig-opac.inc.php
  22. 22. Separate database access (4)

      In sysconfig-opac.inc.php:

          define('DB_USERNAME', 'opacuser');
          define('DB_PASSWORD', 'password_rahasia');

      In sysconfig.inc.php:

          define('DB_USERNAME', 'slimsadmin');
          define('DB_PASSWORD', 'password_rahasia_juga');
  23. 23. Separate database access (5) Edit index.php: require '../sysconfig.inc.php'; change to require '../sysconfig-opac.inc.php';
  24. 24. Separate database access (6) Since SLiMS version 3 stable 15 (matoa), just copy sysconfig.local.inc.php to sysconfig.local.fa.inc.php and adjust the database connection setting for admin user.
  25. 25. Access Restriction based on IP Address to Librarian Login.
  26. 26. IP Restriction to LibLogin. Edit lib/contents/login.inc.php:

          $allowed_liblogin_ip = array('127.0.0.1');
          $remote_addr = $_SERVER['REMOTE_ADDR'];
          $confirmation = 0;
          foreach ($allowed_liblogin_ip as $ip) {
              if ($ip == $remote_addr) {
                  $confirmation = 1;
              }
          }
          if (!$confirmation) {
              header("location:index.php");
              exit; // without this the login page still runs after the redirect header
          }
  27. 27. HTTP Secure Connection to Librarian Login
  28. 28. HTTPS Secure Connection (1) Edit lib/contents/login.inc.php:

          if ($_SERVER['SERVER_PORT'] != '443') {
              header("location:index.php");
              exit; // stop here so the login page is not rendered after the redirect
          }

  29. 29. HTTPS Secure Connection (2) Edit admin/index.php:

          if ($_SERVER['SERVER_PORT'] != '443') {
              header("location:../index.php");
              exit; // stop here so the admin page is not rendered after the redirect
          }
  30. 30. Security by obscurity (1) Remove link to Librarian Login in OPAC
  31. 31. Security by obscurity (2)

          <li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li>

      Change to

          <!-- <li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li> -->

      Or delete the line.
  32. 32. Separate Accounts for Staff: Do not use shared accounts. Every staff member should log in with their own account.
  33. 33. Choose the Right OS: Choose the right operating system for your needs.
  34. 34. PHP Hardening: Suhosin! sudo apt-get install php5-suhosin
  35. 35. MySQL Hardening
  36. 36. Apache Hardening
  37. 38. Choose the web server with built-in security features
  38. 39. Performance tuning: PHP Accelerator/Opcode cache. APC: sudo apt-get install php-apc. XCache: sudo apt-get install php5-xcache
  39. 40. Discussion
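
The IP restriction (slide 26) and the HTTPS checks (slides 28 and 29) can be combined into one gate that also accepts network ranges instead of single addresses. This is an added example, not code from SLiMS or from the slides; the helper names `ip_in_cidr` and `liblogin_allowed` and the sample networks are assumptions.

```php
<?php
// Added example, not SLiMS code: ip_in_cidr() and liblogin_allowed() are hypothetical helpers.

// True when $ip lies inside $cidr (IPv4 or IPv6); a bare address matches only itself.
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $addr = @inet_pton($ip);
    $net = @inet_pton($parts[0]);
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false; // unparsable input or mixed address families
    }
    $max = strlen($addr) * 8;
    if (isset($parts[1]) && !ctype_digit($parts[1])) {
        return false; // a malformed prefix must not silently become /0
    }
    $bits = isset($parts[1]) ? (int) $parts[1] : $max;
    if ($bits > $max) {
        return false;
    }
    $full = intdiv($bits, 8); // whole bytes covered by the prefix
    if (substr($addr, 0, $full) !== substr($net, 0, $full)) {
        return false;
    }
    $rest = $bits % 8; // remaining prefix bits in the next byte
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($addr[$full]) & $mask) === (ord($net[$full]) & $mask);
}

// Allow the librarian login only over HTTPS and only from an allowlisted network.
function liblogin_allowed(array $server, array $allowed): bool
{
    $https = (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off')
        || (string) ($server['SERVER_PORT'] ?? '') === '443';
    $remote = (string) ($server['REMOTE_ADDR'] ?? '');
    foreach ($allowed as $cidr) {
        if ($https && ip_in_cidr($remote, $cidr)) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests standing in for $_SERVER; the networks are placeholders.
$allowed = ['127.0.0.1', '192.168.10.0/24', '2001:db8::/32'];
var_dump(liblogin_allowed(['SERVER_PORT' => '443', 'REMOTE_ADDR' => '192.168.10.77'], $allowed)); // HTTPS, inside the /24
var_dump(liblogin_allowed(['SERVER_PORT' => '80', 'REMOTE_ADDR' => '127.0.0.1'], $allowed)); // allowlisted but plain HTTP
var_dump(liblogin_allowed(['SERVER_PORT' => '443', 'REMOTE_ADDR' => '192.168.11.5'], $allowed)); // HTTPS, outside the allowlist
```

In lib/contents/login.inc.php a false result would be followed by the redirect the slides use and then `exit`. Behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the allowlist then has to be enforced at the proxy instead.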
