From jlease at hmc.psu.edu Fri May 1 12:03:27 2015
From: jlease at hmc.psu.edu (Lease, Joshua)
Date: Fri, 1 May 2015 16:03:27 +0000
Subject: [Eagle-i-admins] Eagle-i-admins Digest, Vol 20, Issue 1
In-Reply-To:
References:
Message-ID:

I believe that the passwords are stored in plain text in the database. Optimally, it would be stored as a hash at that level (and therefore would be a hash from make-snapshot.sh).

On 5/1/15, 12:00 PM, "eagle-i-admins-request at open.med.harvard.edu" wrote:

>Send Eagle-i-admins mailing list submissions to
> eagle-i-admins at open.med.harvard.edu
>
>To subscribe or unsubscribe via the World Wide Web, visit
> https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>or, via email, send a message with subject or body 'help' to
> eagle-i-admins-request at open.med.harvard.edu
>
>You can reach the person managing the list at
> eagle-i-admins-owner at open.med.harvard.edu
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Eagle-i-admins digest..."
>
>
>Today's Topics:
>
> 1. output of make-snapshot.sh (Faith Coldren)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 30 Apr 2015 15:59:36 -0400
>From: Faith Coldren
>To: "eagle-i-admins at open.med.harvard.edu"
>Subject: [Eagle-i-admins] output of make-snapshot.sh
>Message-ID:
>Content-Type: text/plain; charset="utf-8"
>
>Hi,
>
>We saw that the users.trig file output by make-snapshot.sh stores the
>credentials in plain text.
>
>Is this by design?
>If so, is there a plan to change the output of user credentials to a hash?
>
>Thank you,
>Faith
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
>
>------------------------------
>
>_______________________________________________
>Eagle-i-admins mailing list
>Eagle-i-admins at open.med.harvard.edu
>https://open.med.harvard.edu/mailman/listinfo/eagle-i-admins
>
>
>End of Eagle-i-admins Digest, Vol 20, Issue 1
>*********************************************

From Daniela_Bourges at hms.harvard.edu Fri May 1 13:32:20 2015
From: Daniela_Bourges at hms.harvard.edu (Bourges, Daniela)
Date: Fri, 1 May 2015 13:32:20 -0400
Subject: [Eagle-i-admins] Eagle-i-admins Digest, Vol 20, Issue 1
In-Reply-To:
References:
Message-ID: <37A3446A-8F71-46CE-91E8-65DBA8D4575C@hms.harvard.edu>

Faith, Joshua,

Thanks for initiating this discussion. This is a known issue, stemming from the very simple authentication mechanism that was originally implemented when eagle-i was being prototyped. We honestly haven't had any cycles to go back and reimplement it (any volunteers?).

Do note that only the admin has access to this information. In the servers we maintain we mitigate the risk at the OS level, e.g. by keeping the backups and other serialized data in a directory with very restricted access. Of course this is no replacement for the correct solution (storing hashes as Joshua points out), but unfortunately we don't have a good estimate of when this will be implemented.

Kind regards,
Daniela

> On May 1, 2015, at 12:03, Lease, Joshua wrote:
>
> I believe that the passwords are stored in plain text in the database. Optimally, it would be stored as a hash at that level (and therefore would be a hash from make-snapshot.sh).

From jrobertson3 at hmc.psu.edu Thu May 7 13:06:52 2015
From: jrobertson3 at hmc.psu.edu (Robertson, Jim)
Date: Thu, 7 May 2015 17:06:52 +0000
Subject: [Eagle-i-admins] Availability of Release Notes for 3.5.0?
Message-ID:

All,

Thank you for posting the release notes through 3.4.2. However, the central site has been upgraded to 3.5.0 for over a month and release notes are still not available (the document site still lists 3.4.2 as the current release). Is there any estimate for getting these published?

Regards,

Jim Robertson
Systems Analyst - Research Informatics
Phone: (717) 531-0003 x289483
Email: jrobertson3 at hmc.psu.edu

From jlease at hmc.psu.edu Fri May 8 08:23:54 2015
From: jlease at hmc.psu.edu (Lease, Joshua)
Date: Fri, 8 May 2015 12:23:54 +0000
Subject: [Eagle-i-admins] Eagle-i-admins Digest, Vol 20, Issue 1
In-Reply-To:
References:
Message-ID:

Admins,

We've noticed a feature on our eagle-i instance that we do not know how to get working. This is the "Request this resource" feature for resources like biological specimens. Completing the form and submitting it results in the loading circle for a split second and then no change as if I had not pressed the button. No emails are sent. There's no errors in the JavaScript console or server error log either.

Please see the attached screen shot for an image of the function.
I'm not really sure how the functionality is supposed to work or what configuration it requires for it to work. Can anyone shed some light on this?

Thanks,
Joshua Lease
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2015-05-08 at 8.21.52 AM.png
Type: image/png
Size: 186333 bytes
Desc: Screen Shot 2015-05-08 at 8.21.52 AM.png
URL:

From Sophia_Cheng at hms.harvard.edu Fri May 8 13:55:57 2015
From: Sophia_Cheng at hms.harvard.edu (Cheng, Sophia Kuen)
Date: Fri, 8 May 2015 13:55:57 -0400
Subject: [Eagle-i-admins] Eagle-i-admins Digest, Vol 20, Issue 1
In-Reply-To:
References:
Message-ID: <54EE5A98-EA83-43D8-839C-671221E6D52A@hms.harvard.edu>

Hi Joshua,

The screenshot you showed is for a specific type of contact that is only relevant when running central search. This might be a configuration issue. One possible configuration that could lead to this is:

- local-node.xml
==> true

Your local-node.xml should not have the above line in it.

Also, please check your eagle-i-apps.properties for eaglei.search.is.central. This should either not be in the file or set to false for institution search.

Hope this helps. Let me know if you need further assistance.

Cheerios,
Sophia

> On May 8, 2015, at 8:23 AM, Lease, Joshua wrote:
>
> Admins,
>
> We've noticed a feature on our eagle-i instance that we do not know how to
> get working. This is the "Request this resource" feature for resources
> like biological specimens. Completing the form and submitting it results
> in the loading circle for a split second and then no change as if I had
> not pressed the button. No emails are sent. There's no errors in the
> JavaScript console or server error log either.
>
> Please see the attached screen shot for an image of the function. I'm not
> really sure how the functionality is supposed to work or what
> configuration it requires for it to work. Can anyone shed some light on
> this?
>
> Thanks,
> Joshua Lease

From jlease at hmc.psu.edu Fri May 8 15:15:17 2015
From: jlease at hmc.psu.edu (Lease, Joshua)
Date: Fri, 8 May 2015 19:15:17 +0000
Subject: [Eagle-i-admins] Eagle-i-admins Digest, Vol 20, Issue 1
In-Reply-To: <54EE5A98-EA83-43D8-839C-671221E6D52A@hms.harvard.edu>
References: <54EE5A98-EA83-43D8-839C-671221E6D52A@hms.harvard.edu>
Message-ID:

Sophia,

My description of what happens when using the functionality was misleading. Instead of doing nothing upon submitting the form, an alert appears stating that an error occurred while trying to send a message to the contact.

You mentioned that the feature is only relevant when running the central search application. Does this mean that, if we wanted to use it we would need to join the eagle-i network or install our own central search in order to use the feature?

My local-node.xml contains false. I removed it, but it didn't cause any change. My eagle-I-apps.properties has eaglei.search.is.central=false.

Do you have any further ideas?

Thanks,
Joshua Lease

On 5/8/15, 1:55 PM, "Cheng, Sophia Kuen" wrote:

>Hi Joshua,
>
>The screenshot you showed is for a specific type of contact that is only
>relevant when running central search. This might be a configuration
>issue. One possible configuration that could lead to this is:
>
>- local-node.xml
>==> true
>
>Your local-node.xml should not have the above line in it.
>
>Also, please check your eagle-i-apps.properties for
>eaglei.search.is.central. This should either not be in the file or set to
>false for institution search.
>
>Hope this helps. Let me know if you need further assistance.
>
>Cheerios,
>Sophia
>
>> On May 8, 2015, at 8:23 AM, Lease, Joshua wrote:
>>
>> Admins,
>>
>> We've noticed a feature on our eagle-i instance that we do not know how to
>> get working.
>> This is the "Request this resource" feature for resources
>> like biological specimens. Completing the form and submitting it results
>> in the loading circle for a split second and then no change as if I had
>> not pressed the button. No emails are sent. There's no errors in the
>> JavaScript console or server error log either.
>>
>> Please see the attached screen shot for an image of the function. I'm not
>> really sure how the functionality is supposed to work or what
>> configuration it requires for it to work. Can anyone shed some light on
>> this?
>>
>> Thanks,
>> Joshua Lease

From jlease at hmc.psu.edu Thu May 14 08:24:03 2015
From: jlease at hmc.psu.edu (Lease, Joshua)
Date: Thu, 14 May 2015 12:24:03 +0000
Subject: [Eagle-i-admins] Hiding Contact Names
Message-ID:

Admins,

We have users requesting that their names not be listed for an instrument when they are the instrument's contact. This is because people can easily look up contact information based on someone's name (using our Penn State LDAP website). Does eagle-i have a feature that enables contacts to still be contacted via the 'send message to resource contact' button in the institutional search application, but not have their name be listed anywhere in the search app?

Thanks Again,
Joshua Lease

From Sophia_Cheng at hms.harvard.edu Thu May 14 17:24:13 2015
From: Sophia_Cheng at hms.harvard.edu (Cheng, Sophia Kuen)
Date: Thu, 14 May 2015 17:24:13 -0400
Subject: [Eagle-i-admins] Hiding Contact Names
In-Reply-To:
References:
Message-ID: <11528DAC-0F1B-4B77-94F9-60BF4CB286A9@hms.harvard.edu>

Hi Joshua,

eagle-i does have mechanisms in place that restrict access to contact information. This is configured in the repository and is defaulted to restrict access.
When access to the contact information is restricted, user contact information should not be displayed in the search application. This assumes that the user contact information has been entered in the "Contact" field, and not in any of the free text fields (i.e. Resource Description).

If you are seeing the "Contact" field in your search application, please check the property access controls, which can be found in your repository admin site (https://open.med.harvard.edu/wiki/display/eaglei/Repository+Installation%2C+Upgrade+and+Administration+Guide#RepositoryInstallation,UpgradeandAdministrationGuide-ManagingAccessControlsonContact&"Hidden?Properties). You should see Level 1 - 4 roles and admin read-only role.

If your property access controls are correctly set, could you send us a screenshot of the search page displaying the information? Feel free to blur/cross out the text of the information. We'd like to see where it is in the screen you are seeing it.

Hope this helps.

Cheerios,
Sophia

On May 14, 2015, at 8:24 AM, Lease, Joshua wrote:

Admins,

We have users requesting that their names not be listed for an instrument when they are the instrument's contact. This is because people can easily look up contact information based on someone's name (using our Penn State LDAP website). Does eagle-i have a feature that enables contacts to still be contacted via the 'send message to resource contact' button in the institutional search application, but not have their name be listed anywhere in the search app?

Thanks Again,
Joshua Lease

From jlease at hmc.psu.edu Fri May 15 08:27:16 2015
From: jlease at hmc.psu.edu (Lease, Joshua)
Date: Fri, 15 May 2015 12:27:16 +0000
Subject: [Eagle-i-admins] Hiding Contact Names
In-Reply-To: <11528DAC-0F1B-4B77-94F9-60BF4CB286A9@hms.harvard.edu>
References: <11528DAC-0F1B-4B77-94F9-60BF4CB286A9@hms.harvard.edu>
Message-ID:

Sophia,

I've attached a screen shot of the contact access control configuration and the search page. It appears to be correctly configured? Our users are requesting that the contact name (in this case 'Contact: Lease, Joshua') does not show up (see other screenshot).

Thanks,
Joshua Lease

From: , Sophia Kuen
Date: Thursday, May 14, 2015 at 5:24 PM
To: Joshua Lease
Cc: "eagle-i-admins at open.med.harvard.edu"
Subject: Re: [Eagle-i-admins] Hiding Contact Names

Hi Joshua,

eagle-i does have mechanisms in place that restrict access to contact information. This is configured in the repository and is defaulted to restrict access. When access to the contact information is restricted, user contact information should not be displayed in the search application. This assumes that the user contact information has been entered in the "Contact" field, and not in any of the free text fields (i.e. Resource Description).

If you are seeing the "Contact" field in your search application, please check the property access controls, which can be found in your repository admin site (https://open.med.harvard.edu/wiki/display/eaglei/Repository+Installation%2C+Upgrade+and+Administration+Guide#RepositoryInstallation,UpgradeandAdministrationGuide-ManagingAccessControlsonContact&"Hidden?Properties). You should see Level 1 - 4 roles and admin read-only role.

If your property access controls are correctly set, could you send us a screenshot of the search page displaying the information? Feel free to blur/cross out the text of the information. We'd like to see where it is in the screen you are seeing it.

Hope this helps.

Cheerios,
Sophia

On May 14, 2015, at 8:24 AM, Lease, Joshua wrote:

Admins,

We have users requesting that their names not be listed for an instrument when they are the instrument's contact. This is because people can easily look up contact information based on someone's name (using our Penn State LDAP website). Does eagle-i have a feature that enables contacts to still be contacted via the 'send message to resource contact' button in the institutional search application, but not have their name be listed anywhere in the search app?

Thanks Again,
Joshua Lease
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2015-05-15 at 8.25.31 AM.png
Type: image/png
Size: 73236 bytes
Desc: Screen Shot 2015-05-15 at 8.25.31 AM.png
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2015-05-15 at 8.23.28 AM.png
Type: image/png
Size: 110229 bytes
Desc: Screen Shot 2015-05-15 at 8.23.28 AM.png
URL:

From Daniela_Bourges at hms.harvard.edu Fri May 15 09:56:54 2015
From: Daniela_Bourges at hms.harvard.edu (Bourges, Daniela)
Date: Fri, 15 May 2015 09:56:54 -0400
Subject: [Eagle-i-admins] Hiding Contact Names
In-Reply-To:
References: <11528DAC-0F1B-4B77-94F9-60BF4CB286A9@hms.harvard.edu>
Message-ID: <41B5A1B4-8846-497E-AF33-06E2F6CD2751@hms.harvard.edu>

Joshua,

There's no way to hide the name of the person itself (the contact hiding feature, which you seem to have correctly configured, hides e-mails, phone numbers and addresses). A workaround would be to not use the contact field of the instrument but rather to use the "e-mail" field of the owning lab - as labs (and other organizations) can have e-mails that are not attached to contact people.
However all instruments in the lab would need to have the same contact. Would this solve the issue?

Cheers
Daniela

Dr. Daniela Bourges-Waldegg
Lead Architect, Harvard Catalyst
Harvard Medical School
Daniela_Bourges at hms.harvard.edu
skype: dbourgesw
phone: 617-384-8898 (NEW)

> On May 15, 2015, at 08:27, Lease, Joshua wrote:
>
> Sophia,
>
> I've attached a screen shot of the contact access control configuration and the search page. It appears to be correctly configured? Our users are requesting that the contact name (in this case 'Contact: Lease, Joshua') does not show up (see other screenshot).
>
> Thanks,
> Joshua Lease
>
> From: , Sophia Kuen
> Date: Thursday, May 14, 2015 at 5:24 PM
> To: Joshua Lease
> Cc: "eagle-i-admins at open.med.harvard.edu"
> Subject: Re: [Eagle-i-admins] Hiding Contact Names
>
> Hi Joshua,
>
> eagle-i does have mechanisms in place that restrict access to contact information. This is configured in the repository and is defaulted to restrict access. When access to the contact information is restricted, user contact information should not be displayed in the search application. This assumes that the user contact information has been entered in the "Contact" field, and not in any of the free text fields (i.e. Resource Description).
>
> If you are seeing the "Contact" field in your search application, please check the property access controls, which can be found in your repository admin site (https://open.med.harvard.edu/wiki/display/eaglei/Repository+Installation%2C+Upgrade+and+Administration+Guide#RepositoryInstallation,UpgradeandAdministrationGuide-ManagingAccessControlsonContact&"Hidden?Properties). You should see Level 1 - 4 roles and admin read-only role.
>
> If your property access controls are correctly set, could you send us a screenshot of the search page displaying the information? Feel free to blur/cross out the text of the information. We'd like to see where it is in the screen you are seeing it.
>
> Hope this helps.
>
> Cheerios,
> Sophia
>
>> On May 14, 2015, at 8:24 AM, Lease, Joshua wrote:
>>
>> Admins,
>>
>> We have users requesting that their names not be listed for an instrument
>> when they are the instrument's contact. This is because people can easily
>> look up contact information based on someone's name (using our Penn State
>> LDAP website). Does eagle-i have a feature that enables
>> contacts to still be contacted via the 'send message to resource contact'
>> button in the institutional search application, but not have their name be
>> listed anywhere in the search app?
>>
>> Thanks Again,
>> Joshua Lease
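
Added example, not part of the mailing-list thread and not eagle-i code: the OS-level mitigation described in the make-snapshot.sh thread above (keeping backups and other serialized data in a directory with very restricted access), written as POSIX shell. The function names, the temporary directory and the stand-in writer command are assumptions made for illustration; make-snapshot.sh's own arguments do not appear on this page.

```shell
#!/bin/sh
# Added example, not eagle-i code. Function names, the temporary
# directory and the stand-in writer are assumptions for illustration.

# Print every entry under $1 that group or other can read, write or
# traverse. Symlinks are skipped: their own mode bits are not enforced.
# Returns 0 when the tree is owner-only, 1 otherwise.
audit_snapshot_dir() {
    exposed=$(find "$1" ! -type l \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Tighten an existing snapshot tree: directories 0700, files 0600.
harden_snapshot_dir() {
    find "$1" -type d -exec chmod 700 {} + &&
    find "$1" -type f -exec chmod 600 {} +
}

# Run a command with umask 077 so the files it creates are owner-only
# from the moment they exist. The subshell keeps the caller's umask.
run_restricted() (
    umask 077
    "$@"
)

# Constructed demo: an older snapshot left world-readable, then a new
# file written by a stand-in for the snapshot script.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/old" && chmod 755 "$demo_dir/old"
printf 'constructed sample, not real credentials\n' > "$demo_dir/old/users.trig"
chmod 644 "$demo_dir/old/users.trig"
audit_snapshot_dir "$demo_dir" || echo "exposed entries listed above"
harden_snapshot_dir "$demo_dir"
run_restricted sh -c 'printf "constructed\n" > "$1"' sh "$demo_dir/users.trig"
audit_snapshot_dir "$demo_dir" && echo "snapshot tree is owner-only"
rm -rf "$demo_dir"
```

Owner-only permissions narrow who can read the plain-text file on that host; they do not change what the file contains, so any copy moved elsewhere needs the same handling.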