First Search Login-- Clarification about security

Alejandro Garza Gonzalez agarza at ci.mty.itesm.mx
Thu Jul 25 16:41:16 EDT 1996


Re: Logins/IP authentication...

Simple: 

Use both. Use IP authent. for known IP addresses, logins/passwords for all
others. It's simple enough to do, and much better for the end user. 

_ alejandro garza _________________ __ _ _  _    _
  ITESM Centro de Informacion-Biblioteca Monterrey
  agarza at campus.mty.itesm.mx
_ http://www-cib.mty.itesm.mx/ ____ __ _ _  _    _ 

On Thu, 25 Jul 1996, Mack Lundy wrote:

> Bill Drew writes:
> >What OCLC should have done is to allow access by domain name.  
> >That is how Britannica Online and many other vendors do it.
> 
> Peter C. Gorman writes:
> 
> >Amen! Login/passwords may work for individual access, but they're 
> >a terrible way to provide access for a large group of users, like 
> >a campus. It's needlessly complicated for the user, and insecure 
> >as well.
> 
> I would like to point out that validation by domain is only good 
> when everyone is coming from a known set of domains.  I don't know 
> about the rest of the country, but in Virginia we are seeing 
> educational institutions outsourcing Internet services.  This is 
> on top of faculty and students who have already contracted with an 
> ISP.  They expect to be able to access, from off-campus, 
> everything they can access on campus.  We can't do ip validation 
> in this situation.  The problem becomes even worse if access to a 
> service such as Britannica Online is through a consortium; now you 
> have lots of domains and who knows how many possible ISPs 
> providing Internet access.
> 
> Mack
> Mack A. Lundy III		e-mail: mack at mail.swem.wm.edu


More information about the Web4lib mailing list