Alternate approach to FirstSearch scripting (corrected copy)

Wilfred (Bill) Drew drewwe at snymorva.cs.snymor.edu
Fri Apr 5 12:08:00 EST 1996


Here is a description and html coding for the secure FirstSearch Web page I set up.
OCLC may not approve of this since one of the users could get the password and account 
information by "viewing the source" but that is no less secure than giving out the authorization 
and password to your users.  We had to do it this way because the script and program furmished by 
OCLC does not compile properly on a VMS system.  This type of coding could be extended to other 
services that require login and password.  The most important thing to remember is to put it in a 
directory available to only your local users.  Most WWW servers support such directories.

The document below is also available at:

gopher://slscva.ca.sunycentral.edu:70/00gopher_root%3A%5B
000000._LAIP_INFO._LAIP_DOCS._MEM_CONTRIbS%5Dbill.txt

The above URL must be typed all on one line.

===================================================================
Below you will find the html coding for the WWW connection
from our FirstSearch Page.
                     
This page is in a secure location on our server so that only users in our
snymor.edu domain can get to it.  I have replaced the authorization and
password with dummy text.
---------------------------HTML Code follows-----------------------------------
<H2>The new FirstSearch<sup>&#174;</sup> Web Service
</H2>
<P>Click on  ( or highlite) the [Connect to FirstSearch Web] button. Use this
if you are using Netscape or another graphics based browser.

<!--- The FORM METHOD must all be on one line.  It is on two lines here for
ease of reading--->
<FORM METHOD=POST ACTION=
http://www.ref.oclc.org:2000/FUNC/LOGIN:next=html/fs_dbs.htm
:sessionid=0:entityProductName=FirstSearch>

<input type=SUBMIT value="Connect to FirstSearch Web">
<input SIZE=12 type=hidden name="autho" value="###-###-###">
<!---Replace "###-###-###" with your authorization number --->
<input SIZE=12 type=hidden name="password" value="#$%@^&*">
<!--- Replace "#$%^&*" with your password--->
</form>
------------------end of HTML coding-----------------------

The page you place this text in MUST be in a SECURE directory accessible only
to your authorized users.  Almost all httpd servers have such a function
available that would restrict either to a particular group of local internet
addresses or to a particular group of users.

--
Wilfred Drew (Call me "Bill") Serials/Reference/Systems Librarian
SUNY College of Ag. & Tech.;   P.O. Box 902;  Morrisville, NY 13408-0902
Internet: DREWWE at SNYMORVA.CS.SNYMOR.EDU
Phone: (315)684-6055 or 684-6060 Fax: (315)684-6115
New Homepage: http://www.snymor.edu/~drewwe/
--


More information about the Web4lib mailing list