X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=doc%2Flibrary-configuration.markdown;h=178ca5cdf4795038426e9b859dc89a347e24bd16;hb=c759cf7b042d4e7fc58902912cc66c7653da3b5a;hp=ee740964f21146493d39052577f3a98de8596964;hpb=9c77ee20763651018712f75847a7bb19d05dbd13;p=mkws-moved-to-github.git diff --git a/doc/library-configuration.markdown b/doc/library-configuration.markdown index ee74096..178ca5c 100644 --- a/doc/library-configuration.markdown +++ b/doc/library-configuration.markdown @@ -86,13 +86,13 @@ the "Referring URL" field. If your application accesses the Service Proxy by a unique virtual hostname -- yourname.sp-mkws.indexdata.com, say -- you can tie the use of this hostname to your library by setting the User Access record's -"Host Name" field to name of the host where the SP is accessed. NOTE -THAT THIS IS NOT SECURE, AS OTHER APPLICATIONS CAN USE THIS VIRTUAL -HOSTNAME TO GAIN ACCESS TO YOUR LIBRARY. +"Host Name" field to name of the host where the SP is accessed. **Note +that this is not secure, as other applications can use this virtual +hostname to gain access to your library.** -TODO Authentication by IP address does not yet work correctly -- see -bug MKWS-234 ("Improve SP configuration/proxying for better -authentication"). +> TODO Authentication by IP address does not yet work correctly -- see +> bug MKWS-234 ("Improve SP configuration/proxying for better +> authentication"). Alternatively, your application can authenticate by username and password credentials. This is a useful approach in several situations, @@ -114,9 +114,9 @@ authentication is used, this is very simple: + -TODO This should be the default setting +> TODO This should be the default setting And ensure that access to the MWKS application is from the correct Referrer URL or IP-range. @@ -129,11 +129,11 @@ done by setting the service_proxy_auth configuration item to a URL containing that hostname, such as //yourname.sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig -TODO It should be possible to change just the hostname without needing -to repeat the rest of the URL (protocol, path, query) +> TODO It should be possible to change just the hostname without +> needing to repeat the rest of the URL (protocol, path, query) -TODO When changing the SP authentication URL, the Pazpar2 URL should in -general change along with it. +> TODO When changing the SP authentication URL, the Pazpar2 URL should +> in general change along with it. ### Stage C2 (optional): embed credentials for access to the library @@ -143,8 +143,8 @@ Proxy when establishing the session. This can most simply be done just by setting the service_proxy_auth configuration item to a URL such as //sp-mkws.indexdata.com/service-proxy/?command=auth&action=perconfig&username=mike&password=swordfish -TODO It should be possible to add the username and password to the -configuration without needing to repeat the rest of the URL. +> TODO It should be possible to add the username and password to the +> configuration without needing to repeat the rest of the URL. ### Stage D (optional): conceal credentials from HTML source