how to hide refbasecontent?

Help
askalot
2014-08-03
2014-08-03
  • askalot

    askalot - 2014-08-03

    Hi

    I just installed refbase and i like it.
    But there are some points i would like to change...

    1) How can i hide the refbasecontent which is visible to everyone ("show all" link on index.php), especially from people who arent logged in.
    It is also possible to enter to the refbasedirectory without a login e.g. refbase/initialize or refbase/files.

    2) I also want to deny access to the refbasedir especially to the /files directory for logged in users (they should use the GUI :))

    How can I achieve this?
    Thanks in advance
    askalot

    Sorry wrong forum...

     
    Last edit: askalot 2014-08-03
  • Richard Karnesky

    I've moved this to the "help" forum.

    It is unclear what you are trying to restrict by making the "show all" link unavailable. Users would be able to find the content using the search functionality.

    The other items you mention are not aspects of refbase, but depend on the proper configuration of your webserver. You don't state what server you are using. If you are using Apache, you must disable Indexes (e.g. by having "Options -Indexes" in httpd.conf). Refer to Apache's documentation and support for more help with that (or the documentation/support of whatever webserver you are using).

    File links are given as direct links to files on your server. Without indexing, it will be difficult for others to "guess" the link. This has been "good enough" for very large deployments. It nicely balances restriction and use, as you can easily copy/paste a link to a PDF & provide individual file links by email.

    If you'd like additional access control, you will again need to refer to the documentation for your webserver. For Apache, see:
    https://httpd.apache.org/docs/2.2/howto/auth.html
    https://httpd.apache.org/docs/2.2/howto/access.html

     
  • askalot

    askalot - 2014-08-03

    Thank you for answering!

    The Indexes hint solved the main problem, thank you! (yes, I use apache)
    But as you mentioned it is possible for unlogged users to see the content of the database by using the search function or the show all link. How can I avoid this?

     
  • Richard Karnesky

    If you don't want anonymous users searching your database, the best approach will likely be to implement auth/access controls (referring to the links I provided).

    It is possible to allow some amount of restriction to who can see some records. However, refbase was designed to offer guest users read-only access to the citations in the database & our ability to restrict access will not ever be as bulletproof as what your webserver provides.

     
  • askalot

    askalot - 2014-08-03

    Ok, Thank you for providing refbase and the great support!
    I will go through the auth/access links.

     

Log in to post a comment.