How can we improve Rosetta?

make passwords configurable, create password exchange infrastructure

For compliance purposes and as a lesson learned from SC 00560356, I suggest improving the documentation and configurability of passwords throughout subsystems of Rosetta installations.

I suggest creating and maintaining a KB article on how and where to change passwords for:
- System user "dps"
- System user "oracle"
- Oracle user "sys"
- default Rosetta user "admin1" (John Smith)
- Cantaloupe Image Server user "admin" (changeable by configuring ".../system.dir/thirdparty/tomcat/rosetta-webapps/cantaloupe.war/cantaloupe.properties")
- Solr user
- Rosetta console UI user

The passwords for Solr and the Rosetta console UI cannot be changed at the moment (Rosetta 5.5.0.0); I suggest considering changes to enable institutions to set their own passwords.

Furthermore, I suggest that ExLibris set up suitable infrastructure for exchanging passwords securely. GPG-encrypted mail or a public write-only (!) storage would be suitable candidates, SupportCase comments (that might be publicly readable) and encrypted mobile instant messaging services like Signal (that often involve personal accounts/devices) are certainly not.

1 vote
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jörg Sachse shared this idea  ·   ·  Admin →

    0 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...

      Feedback and Knowledge Base