Security considerations

By default, all components of dmBridge are fully exposed to the public. This gives anyone on the Internet the ability to use data from your digital collections in their own applications, mashups, etc. This might seem cause for alarm, but actually, everyone on the Internet has already had this ability, either by harvesting your OAI-PMH content, or by screen-scraping your templates. Little, if any, information that was previously private is made public by the dmBridge HTTP API; it has just been made more convenient to access programmatically.

Still, some users might wish to restrict their HTTP API, for whatever reason. There is no built-in provision for access controls built into the HTTP API component itself. We recommend that you use the access control features built into your web server to restrict access to URI paths matching the HTTP API based on IP address. (All HTTP API URI paths begin with api.)