SLiMS Technical Aspects
Hendro Wicaksono, SLiMS Lead Developer
[email protected]/gmail.com. Twitter: @hendrowicaksono,
Facebook: facebook.com/hendrowicaksono
[Diagram: request/response between a client and the Web Server over the Internet (HTTP protocol); create, read, update, delete. http://slims.web.id]
Why & MySQL?
Better portability.
Proven to run well on ...
Daily Updates
Latest stable version: SLiMS 3 stable 15 (Matoa), https://github.com/slims/s3st15_matoa
Development page: https://github.com/slims
Download the tarball package: http://slims.web.id/web/?q=node/1
Web: http://slims.web.id
Developer Documentation
Developer: https://github.com/slims/s3-devdocs
User Documentation
http://slims.web.id/download/docs/s3-doc-id.pdf
Documentation source code (daily updated): https://github.com/slims/s3-doc-id (latex/lyx format)
How SLiMS stores data
Bibliographic, user and transaction data are stored in the MySQL database.
Bibliographic cover images, file attachments, cache (labels, barcodes, swf), member photos, backups (sql) and generated reports are stored on the filesystem.
Backup Strategy (1)
Export an "sqldump" periodically. On Linux, use cron.
Backup Strategy (2)
Copy the SLiMS application folder periodically. On Linux, use cron.
Example backup script:
#!/bin/sh
# clean the backup folder
rm -Rf /home/hendro/backup/*
# create the sql and app subfolders that hold the backup
mkdir -p /home/hendro/backup/slims_backup/sql
mkdir -p /home/hendro/backup/slims_backup/app
# dump the SQL data (a password given on the command line is visible in the
# process list; a client option file readable only by the backup user avoids that)
/usr/bin/mysqldump -u root --lock-tables --password='mysqlrootpasswd' slimsdb > /home/hendro/backup/slims_backup/sql/slims.sql
# copy the app folder into the app subfolder created above
cp -R /var/www/libsenayan /home/hendro/backup/slims_backup/app/
# pack the contents of slims_backup into a timestamped archive
tar -czf /home/hendro/backup/`date +%Y_%m_%d-%d_%B_%Y-%H_%M`.tar.gz -C /home/hendro/backup/slims_backup .
# copy the archive to the backup server
scp /home/hendro/backup/*.tar.gz [email protected]:/home/hendro/backup_senayan/ >/dev/null 2>&1
exit
Implementation Example (1)
Kemdiknas RI Library
[Diagram: Production Server, OPAC, Library Staff, Backup/File Server and Internet OPAC across Intranet / LAN and Internet / DMZ zones, with request/response links, "backup frequently via cron & ssh" and "update frequently via cron & ssh".]
For OPAC access, a separate SLiMS instance is installed that points to the same database, using an "almost read-only" database username. To synchronise the 'images', files and repository folders between the production and OPAC applications, rsync via cron is used.
The Internet OPAC server is not directly connected to the Production Server. Access to the MySQL database is set "read-only" (GRANT SELECT ON dbname.* TO username@localhost IDENTIFIED BY 'paswd'). Via cron, the database is restored periodically (every 15 minutes).
Implementation Example (2)
A government institution & a private company in the petroleum sector
[Diagram: Production Server, Staff, Library Staff and MS Active Directory Server across Intranet / LAN and Internet / DMZ zones, with request/response links.]
Librarian & member login via LDAP for single sign-on support
SLiMS Hardening Tips
Hendro Wicaksono
Separate database access.
Separate database access (1)
Read-Only for OPAC
Full Access for Librarian Login
Separate database access (2)
Read-Only for OPAC
GRANT SELECT ON senayandb.* TO opacuser@localhost IDENTIFIED BY 'password_rahasia';
GRANT UPDATE ON senayandb.member TO opacuser@localhost;
Full Access for Librarian Login
GRANT ALL PRIVILEGES ON senayandb.* TO slimsadmin@localhost IDENTIFIED BY 'password_rahasia_juga';
FLUSH PRIVILEGES;
Separate database access (3)
Create 2 sysconfig files:
sysconfig.inc.php
sysconfig-opac.inc.php
Separate database access (4)
In sysconfig-opac.inc.php:
define('DB_USERNAME', 'opacuser');
define('DB_PASSWORD', 'password_rahasia');
In sysconfig.inc.php:
define('DB_USERNAME', 'slimsadmin');
define('DB_PASSWORD', 'password_rahasia_juga');
Separate database access (5)
Edit index.php:
require '../sysconfig.inc.php';
change to
require '../sysconfig-opac.inc.php';
Separate database access (6)
Since SLiMS version 3 stable 15 (matoa), just copy
sysconfig.local.inc.php to sysconfig.local.fa.inc.php and adjust
the database connection setting for admin user.
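A check for the OPAC account set up in "Separate database access (2)", added here as an example and not part of the slides or of SLiMS: it reads SHOW GRANTS output and flags any privilege beyond SELECT on the database and UPDATE on the member table. The function name and both sample grant listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SLiMS code. Typical use (assumes a privileged mysql login):
#   mysql -N -e "SHOW GRANTS FOR 'opacuser'@'localhost'" | audit_opac_grants senayandb

# Reads SHOW GRANTS lines on stdin, prints each grant that exceeds the OPAC
# policy from the slides, and returns 1 if any such grant was seen.
audit_opac_grants() {
    db=${1:-senayandb}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        case $line in
            *"WITH GRANT OPTION"*)                      verdict=excess ;;
            "GRANT USAGE ON *.* TO "*)                  verdict=ok ;;
            "GRANT SELECT ON \`$db\`.* TO "*)           verdict=ok ;;
            "GRANT UPDATE ON \`$db\`.\`member\` TO "*)  verdict=ok ;;
            *)                                          verdict=excess ;;
        esac
        if [ "$verdict" = excess ]; then
            printf 'EXCESS: %s\n' "$line"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the listing expected after the two OPAC GRANT statements.
sample_expected() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'opacuser'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT SELECT ON `senayandb`.* TO 'opacuser'@'localhost'
GRANT UPDATE ON `senayandb`.`member` TO 'opacuser'@'localhost'
EOF
}

# Constructed sample: the same account after its privileges were widened.
sample_drifted() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'opacuser'@'localhost' IDENTIFIED BY PASSWORD '<hash>'
GRANT SELECT, INSERT, DELETE ON `senayandb`.* TO 'opacuser'@'localhost'
GRANT UPDATE ON `senayandb`.`member` TO 'opacuser'@'localhost' WITH GRANT OPTION
EOF
}

if sample_expected | audit_opac_grants senayandb; then echo "expected grants: ok"; fi
sample_drifted | audit_opac_grants senayandb || echo "drifted grants: review needed"
```

Run from cron next to the backup job, a non-zero exit status signals that the OPAC account no longer matches the read-only design.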
Access Restriction based on IP Address to Librarian Login.
IP Restriction to LibLogin
Edit lib/contents/login.inc.php:
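// IP addresses allowed to reach the librarian login page
$allowed_liblogin_ip = array('127.0.0.1');
$remote_addr = $_SERVER['REMOTE_ADDR'];
$confirmation = 0;
foreach ($allowed_liblogin_ip as $ip) {
    if ($ip == $remote_addr) {
        $confirmation = 1;
    }
}
if (!$confirmation) {
    header("location:index.php");
    exit; // stop here so the login page is not processed after the redirect
}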
HTTP Secure Connection to Librarian Login
HTTPS Secure Connection (1)
Edit lib/contents/login.inc.php:
if ($_SERVER['SERVER_PORT'] != '443') {
    header("location:index.php");
    exit; // stop here so the login page is not served over plain HTTP
}
HTTPS Secure Connection (2)
Edit admin/index.php:
if ($_SERVER['SERVER_PORT'] != '443') {
    header("location:../index.php");
    exit; // stop here so the admin area is not served over plain HTTP
}
Security by obscurity (1)
Remove link to Librarian Login in OPAC
Security by obscurity (2)
<li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li>
Change to
<!-- <li><a class="menu" href="index.php?p=login"><span><?php echo __('Librarian LOGIN'); ?></span></a></li> -->
Or delete the line.
Do not use shared accounts. Every staff member should log in with their own account.
Separate Accounts for Staff
Choose the right Operating System for your needs.
Choose the Right OS
Suhosin!
sudo apt-get install php5-suhosin
PHP Hardening
MySQL Hardening
Apache Hardening
Choose the web server with built-in security features
PHP Accelerator/Opcode cache
Performance tuning
sudo apt-get install php-apc
APC
sudo apt-get install php5-xcache
xcache
Discussion