
Koha is running in CGI mode. This is a security issue!


Koha is running in CGI mode. This is a security issue! Run Koha using Plack for CSRF (cross-site request forgery) protection. More information: koha-plack --help.

This warning message appears in the Koha > About > Server Information section. Here is why the message is shown and how to fix it.

Essentially, your library system is telling you that its engine is outdated and vulnerable to hackers.

The Problem

Koha is currently running on CGI. Think of CGI like an old-fashioned clerk who has to restart their entire computer every time a customer asks a single question. It’s slow, but more importantly, it lacks the security guards needed to verify that a request is legitimate.

Because of this, your system is at risk for CSRF (Cross-Site Request Forgery). This is a trick where a hacker sends a fake link that, if clicked by a librarian, could force the system to delete books or change settings without anyone realising it.

The Solution: Plack

The error message is telling you to switch to Plack. Plack is like a modern, 24/7 security team that stays "awake" and checks every visitor’s ID to make sure they aren't being tricked by a hacker.

How to fix it

You need to switch from CGI to Plack. Here are the commands to enable Plack; in this example the library instance name is library.

sudo koha-plack --enable library
sudo a2enmod headers proxy_http
sudo koha-plack --start library
sudo service apache2 restart

The error message will vanish, your staff pages will load much faster, and your data will be much safer from web-based attacks.

Enable Plack with Koha and improve the performance

Plack (the modern web server interface for Perl) is a performance booster for Perl web applications. Plack can improve Koha's performance across various operations. Koha is currently running via CGI (Common Gateway Interface). In this mode, the server starts a new process for every single request. While functional, it is inefficient and, more importantly, lacks the built-in security middleware required to prevent CSRF (Cross-Site Request Forgery) attacks.

Without Plack, Koha cannot properly validate that the requests coming to the server are intentional and authorised. CGI is significantly slower than Plack, which keeps the application "pre-loaded" in memory.

An attacker could trick a logged-in librarian into clicking a malicious link, which could then execute actions (such as deleting records or changing settings) without the user’s knowledge.

To resolve this, you need to enable the Plack service for your Koha instance. This is typically done via the command line on your server.

Apply the following commands after the installation of Koha:

sudo koha-plack --enable library
sudo a2enmod headers proxy_http
sudo koha-plack --start library
sudo service apache2 restart

Note: Plack keeps the application pre-loaded in memory for speed. Make sure the server has a good amount of RAM if you are going to enable Plack.
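After running the commands above, it is worth confirming that the instance really is served by Plack rather than silently falling back to CGI. The following check script is an added example, not part of the original post or of Koha itself; it assumes that koha-plack keeps its starman PID in /var/run/koha/<instance>/plack.pid and that Apache modules are listed by apache2ctl -M.

```shell
#!/bin/sh
# Added example: verify that a Koha instance is actually running under Plack.
# Assumptions (not taken from the post): the PID file path below and the
# output format of "apache2ctl -M" (one " name_module (shared)" line per module).

# plack_running <pidfile>: succeeds only if the PID file names a live process.
plack_running() {
    pidfile="$1"
    [ -r "$pidfile" ] || return 1
    pid=$(head -n1 "$pidfile" | tr -cd '0-9')
    [ -n "$pid" ] || return 1
    kill -0 "$pid" 2>/dev/null
}

# apache_module_loaded <module> <apache2ctl -M output>: succeeds if the module is loaded.
apache_module_loaded() {
    module="$1"
    modules="$2"
    printf '%s\n' "$modules" | grep -q "^ *${module}_module"
}

# check_koha_plack <instance>: prints one line per check, non-zero exit on any failure.
check_koha_plack() {
    instance="$1"
    pidfile="/var/run/koha/$instance/plack.pid"
    loaded=$(apache2ctl -M 2>/dev/null)
    status=0
    if plack_running "$pidfile"; then
        echo "ok: plack is running for $instance"
    else
        echo "WARNING: no plack process for $instance (requests may still be served via CGI)"
        status=1
    fi
    for m in headers proxy_http; do
        if apache_module_loaded "$m" "$loaded"; then
            echo "ok: apache module $m is loaded"
        else
            echo "WARNING: apache module $m is not loaded"
            status=1
        fi
    done
    return $status
}

# Usage: check_koha_plack library
```

Run it as root after enabling Plack; a WARNING line means the About > Server Information page will most likely still show the CGI notice.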


Koha on Debian: a vanilla experience

A few days back I downloaded Debian 8 (code name "Jessie") with the XFCE desktop. My aim was to install Koha on Debian Jessie and experience its performance. I used to install Koha on Lubuntu / Xubuntu (the LXDE and XFCE desktops on Ubuntu). Both Linux flavours are considered lightweight desktops; this means they do not consume many computer resources (RAM, processor) while working. Unity is the default desktop of Ubuntu. Unity is considered resource hungry due to its graphics and visual effects (gimmicks!!). Lubuntu and Xubuntu are available with toppings (user-friendly modifications and beautifications) on the LXDE and XFCE desktops. To a certain extent, Lubuntu and Xubuntu can offer a friendly experience to new Linux users. Lubuntu/Xubuntu toppings eat a little more computer resources than vanilla XFCE and LXDE.