[DAS] Re: DAS security
Thomas Down
td2 at sanger.ac.uk
Tue Sep 23 07:49:30 EDT 2003
On Tue, Sep 23, 2003 at 12:33:51PM +0100, James Stalker wrote:
>
> Thinking about it, Neil, you are correct from the DAS point of view
> where the Ensembl website is the client (which is what you were probably
> talking about, sorry). So here we have a fundamental problem - unless
> your DAS server is also secure, there is nothing to stop a user setting
> up another Ensembl site with a different config, or more practically
> just using another DAS client, to look at the secret data. In this
> case, as you point out, a security layer inside the Ensembl server won't
> really help.
Actually, the DAS security issue shouldn't be too big a problem.
There's the possibility of using normal HTTP authentication/authorization
(although I'm not sure how well the current Ensembl handles this).
Also, Dazzle supports per-datasource access restriction to
particular IPs.
Thomas.
More information about the DAS
mailing list