How to prevent downloading track data?
Lin, Xiao
Dear UCSC Genome Browser team,
We are trying to share a track hub with our collaborators. All configuration and data files are hosted in our web server. The users can browser the track data via UCSC Genome Browser via the path to the hub.txt file. With that path, anyone who is familiar with track hub is able to get the path of trackDB.txt, and thus the path to the track data. But we don’t want them to download the track data. Do you have any suggestion on the issue?
Thanks for your help!
Best,
Xiao
Department of Psychiatry
Icahn School of Medicine at Mount Sinai
Daniel Schmelter
Hello Xiao,
Thank you for contacting the Genome Browser with your question about removing data access privileges with your hub.
There are two components to making sure your data is not downloadable. The first is to restrict access to the hub source files to only the UCSC IP addresses (for display) using a firewall. Server administrators are likely to understand how to set up this firewall. You may want to include your own IP addresses too. You can find a list of our IP addresses that will need access here:
http://genomewiki.ucsc.edu/index.php/Public_Hub_Guidelines#Connection_issues.3F
The second component is to add the following trackDb setting, which will limit or remove access to our integrated data query/ download tool, Table Browser:
tableBrowser off
You can read more about this setting at the following link:
https://genome.ucsc.edu/goldenPath/help/trackDb/trackDbHub.html#tableBrowser
I hope this was helpful. If you have any more questions, please reply-all to gen...@soe.ucsc.edu. All messages sent to that address are publicly archived. If your question includes sensitive data, please reply-all to genom...@soe.ucsc.edu.
All the best,
Daniel Schmelter
UCSC Genome Browser
--
---
You received this message because you are subscribed to the Google Groups "UCSC Genome Browser Public Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to genome+un...@soe.ucsc.edu.
To view this discussion on the web visit https://groups.google.com/a/soe.ucsc.edu/d/msgid/genome/DM6PR03MB51932CDB9D44B57E6E835FDDFA819%40DM6PR03MB5193.namprd03.prod.outlook.com.
Lin, Xiao
Hi Daniel,
Thanks for the suggestions and I think we have an idea how to get it work now.
Just for an unrelated issue, when we were trying to connect to our own hub this morning, the connection didn’t really work. I then check our address using the hubCheck utility and it showed the following error, which was something I haven’t seen before.
“BIO_do_handshake() failed
SSL error: tlsv1 alert protocol version”
Do you have any idea about this issue?
Thanks!
Best,
Xiao
From: Daniel Schmelter <dsch...@ucsc.edu>
Sent: Tuesday, October 26, 2021 7:25 PM
To: Lin, Xiao <xiao...@mssm.edu>
Cc: gen...@soe.ucsc.edu
Subject: Re: [genome] How to prevent downloading track data?
|
USE CAUTION: External Message. |
Daniel Schmelter
Hello Xiao,
We do not know specifically why you are seeing that error when using your hub URL. It appears to be a server configuration issue on your end. One of our engineers shares that it could be that your web server is configured to reject the older SSL versions. Another engineer shares the following link, suggesting your http server may have configuration issues since TLS protocol negotiation fails:
https://codefetti.com/how-to-fix-tlsv1-alert-protocol-version/
If you would like further assistance, could you please share your hub URL? This will allow us to see what you are seeing. You can share this privately if you prefer, to genom...@soe.ucsc.edu.
I hope this was helpful. If you have any more questions, please reply-all to gen...@soe.ucsc.edu. All messages sent to that address are publicly archived. If your question includes sensitive data, please reply-all to genom...@soe.ucsc.edu.
All the best,
Daniel Schmelter
UCSC Genome Browser
Lin, Xiao
Hi Daniel and the UCSC team,
Thanks a lot for the suggestions! The SSL certificate of our web server recently expired. So I replaced it with a new one, which allows me to browse the hub.txt file (https://pintolab04.mssm.edu/hub_test/tracks/hub.txt) in my web browser without showing the unsecure warning. However, it is not able to connect with UCSC Genome Browser. It would be great if you could help to take a look at the issue.
Daniel Schmelter
Thank you for sharing your hub URL with us. It appears that your server configuration has an old version of SSL certificates that need to be updated in order for our site to read that data. While it is accessible on a web browser, it cannot be programmatically accessed with standard "wget" or "curl" commands.
ERROR: cannot verify pintolab04.mssm.edu's certificate, issued by ‘CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US’:
curl: (60) SSL certificate problem: unable to get local issuer certificate
Please bring this çertificate issue up with your system administrators and ask that they update their security. This is important for us because it prevents man-in-the-middle attacks on our servers. I hope they understand and can fix this problem for you.
All the best,
Daniel Schmelter
UCSC Genome Browser
Lin, Xiao
Hi Daniel,
Thanks for checking on the issue. It was indeed an SSL certificate issue.
Thanks again for teaching me!