[DAS] Re: DAS security

Lincoln Stein lstein at cshl.edu
Wed Sep 24 11:39:44 EDT 2003


Hi,

Just set the DAS server's authentication to refuse all requests except those 
from the bona-fide Ensembl IP address.  It works in LDAS using Apache's 
standard authentication/authorization system, as well as Dazzle per Thomas' 
note below.

Lincoln

On Tuesday 23 September 2003 07:49 am, Thomas Down wrote:
> On Tue, Sep 23, 2003 at 12:33:51PM +0100, James Stalker wrote:
> > Thinking about it, Neil, you are correct from the DAS point of view
> > where the Ensembl website is the client (which is what you were probably
> > talking about, sorry).  So here we have a fundamental problem - unless
> > your DAS server is also secure, there is nothing to stop a user setting
> > up another Ensembl site with a different config, or more practically
> > just using another DAS client, to look at the secret data.  In this
> > case, as you point out, a security layer inside the Ensembl server won't
> > really help.
>
> Actually, the DAS security issue shouldn't be too big a problem.
> There's the possibility of using normal HTTP authentication/authorization
> (although I'm not sure how well the current Ensembl handles this).
> Also, Dazzle supports per-datasource access restriction to
> particular IPs.
>
>      Thomas.
> _______________________________________________
> DAS mailing list
> DAS at biodas.org
> http://biodas.org/mailman/listinfo/das

-- 
========================================================================
Lincoln D. Stein                           Cold Spring Harbor Laboratory
lstein at cshl.org			                  Cold Spring Harbor, NY
========================================================================




More information about the DAS mailing list