
Zebra allows access to internal configuration files #56

@powerriegel

Description

Zebra 2.2.2-1 on Debian Bullseye allows access to
DOMAIN:ZEBRAPORT/app/etc/local.xml

which contains the password and user name in clear text.

<zs:explainResponse>
<zs:version>2.0</zs:version>
<zs:record>
<zs:recordSchema>http://explain.z3950.org/dtd/2.0/</zs:recordSchema>
<zs:recordXMLEscaping>xml</zs:recordXMLEscaping>
<zs:recordData>
<explain xml:base="../../zebradb/explain-biblios.xml">
<!--
 try stylesheet url: http://./?stylesheet=docpath/sru2.xsl 
-->
<serverInfo protocol="SRW/SRU/Z39.50">
<host>localhost</host>
<port>9999</port>
<!--
 <database numRecs="1314" lastUpdate="2006-03-15 09-05-33">
         Default</database> 
-->
<database>biblios</database>
<!--
<authentication>
      <user>xxxxxxxxxxx</user>
      <group>xxxxxxxxxxx</group>
      <password>xxxxxxxxxxxx</password>
    </authentication>
-->
</serverInfo>

If SRU is enabled, then the path would be DOMAIN/sru/etc/local.xml with the following standard Apache2 lines. This might be accessible worldwide if you use SRU.

ProxyPass /sru/ http://localhost:ZEBRAPORT/
ProxyPassReverse /sru/ http://localhost:ZEBRAPORT/

We're using Zebra together with Koha 22.11.
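The reverse-proxy lines quoted above forward every path under /sru/ to the Zebra port, which is what makes /sru/etc/local.xml reachable from outside. The following Apache fragment is an added example, not part of this issue or of the Zebra or Koha projects; it assumes the same mod_proxy setup and that only the SRU search endpoint at the proxy root needs to be public. ZEBRAPORT is a placeholder as in the report.

```apache
# Reported configuration: everything under /sru/ is forwarded, so any
# static file the backend serves (including etc/local.xml) is exposed.
ProxyPass        /sru/ http://localhost:ZEBRAPORT/
ProxyPassReverse /sru/ http://localhost:ZEBRAPORT/

# Hardened configuration. Exclusions ("!" targets) must be listed before
# the catch-all ProxyPass, because mod_proxy matches the longest prefix
# that appears first. Requests for /sru/etc/ are no longer forwarded and
# are answered locally with 403, so the credentials file never leaves the
# backend. Add further "!" lines for any other static directory the
# backend turns out to serve (assumption: /sru/etc/ is the only one here).
ProxyPass        /sru/etc/ !
<Location "/sru/etc/">
    Require all denied
</Location>

ProxyPass        /sru/ http://localhost:ZEBRAPORT/
ProxyPassReverse /sru/ http://localhost:ZEBRAPORT/
```

This only closes the path through Apache; the direct DOMAIN:ZEBRAPORT exposure described at the top of the report still requires binding Zebra to localhost or filtering the port at the host firewall.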
