Re Automating CGI access transactions...

Ernest Perez, Oregon State Library perez at OPAC.OSL.STATE.OR.US
Mon Jan 29 17:18:18 EST 1996


Subj:     Re: Automating CGI logons - clarification & further question

Our environment is that we have licensed databases and services which have
heretofore run under Lynx (hosted session) control.  Some would be telnet, but
others would be under a Webbed Forms interface.  We want to secure access, yet
make it easy for authorized, passworded, users.  Ergo, I'd prefer such a user to
only have to input his/her username & password once for a given session.

I've seen this kind of thing out on the net, where you enter access codes once,
and can then conduct an "authorized access" session via the Web interface.
E.g., NLIGHTN.  [This despite the fact that HTTP is a "connectionless protocol"]

With these systems, I infer that a user inputs authorized username & password,
and that the system then assigns a temporary access clearance to allow access
from the originating IP.  ??

Can anyone provide info or reference to someone who's doing this kind of thing
with WebStar & Applesearch?

>
>Charles Blair <chas at nirvana.lib.uchicago.edu> provides a good discussion
>of how to set up a proxy telnet server that would allow security checks.
>It occurs to me that there is another approach in some environments,
>those that support one-time-only passwords.  One could imagine a form
>and CGI script that obtained information from the user, generated a
>one-time-only password, and returned an HTML redirect to the appropriate
>telnet destination, e.g.:
>    telnet://user:password@host.dom.edu
>For this to work, we would need (a) a browser capable of handling telnet
>or rlogin URLs that included both a user name and password, and (b)
>a service that supports one-time-only passwords (note that without 1-t-o
>passwords, such a redirection would reveal the password to the user).
>
>Does anyone have any experience with implementing such a scheme?  What
>browsers and services satisfy the requirements I've outlined?
>
> JQ Johnson                       office: 115F Knight Library
> Academic Education Coordinator   Internet: jqj at darkwing.uoregon.edu
> 1299 University of Oregon        voice: 541.346.1746
> Eugene, OR  97403-1299           fax: 541.346.3485
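
The one-time-password redirect described in the quoted message, as an added example that is not part of either original post: a sketch of the CGI side minting a single-use password and the service side accepting it once. The function names, the 60-second lifetime and the in-memory store shared by both sides are assumptions made for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import quote

TTL_SECONDS = 60   # assumed lifetime of an unused password
_issued = {}       # user -> (password, expiry); stands in for a store both sides share


def issue_redirect(user, host, now=None):
    """CGI side (hypothetical): mint a one-time password, return the telnet URL."""
    now = time.time() if now is None else now
    password = secrets.token_urlsafe(16)          # random, URL-safe characters
    _issued[user] = (password, now + TTL_SECONDS)
    return "telnet://%s:%s@%s" % (quote(user, safe=""), quote(password, safe=""), host)


def verify_once(user, presented, now=None):
    """Service side (hypothetical): accept the password once, before expiry."""
    now = time.time() if now is None else now
    # pop() removes the record on the first attempt, so a password the user
    # has seen in the URL cannot be replayed; a wrong guess also consumes it.
    record = _issued.pop(user, None)
    if record is None:
        return False
    password, expiry = record
    if now > expiry:
        return False
    # constant-time comparison of the stored and presented values
    return hmac.compare_digest(password.encode(), presented.encode())


if __name__ == "__main__":
    url = issue_redirect("patron1", "host.dom.edu")   # constructed sample input
    pw = url.split(":", 2)[2].rsplit("@", 1)[0]
    print(url)
    print("first use:", verify_once("patron1", pw))
    print("replay:   ", verify_once("patron1", pw))
```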





