proxy servers--reply

Sue Dentinger dentin at macc.wisc.edu
Fri Jun 19 14:20:42 EDT 1998


Hello

I just wanted to comment that Richard is correct below that the UW Madison
Electronic Library off-campus proxy service sends userids and passwords in an
unencrypted form from the web client to the proxy server.  We implemented this
very popular service in January 1998 with the expected phase 2 enhancement of
using SSL to encrypt userids and passwords over the wire to a secure web
server.  For right now, we're delighted with our freely available Squid proxy
server software.  

Our campus is in the process of installing software this summer to provide
better encryption of userids and passwords for user accounts.  Given that we do
not proxy everything, only a specific subset of read-only library resources,
making this very popular service available was a higher priority than worrying
about someone sniffing the wire for userids and passwords.  We use a very
simple userid and password scheme based on a person's campus ID and their last
name, as you can see from our documentation. There are far easier ways to obtain
valid userids and passwords on this campus than monitoring network traffic. 
But we do expect to provide this tighter security in the future.

Cheers,

--Sue Dentinger

>Date: Wed, 17 Jun 1998 20:04:17 -0700
>From: "Richard L. Goerwitz III" <richard at goon.stg.brown.edu>
>Reply-To: richard at goon.stg.brown.edu
>Sender: web4lib at library.berkeley.edu
>Subject: proxy servers
>To: Multiple recipients of list <web4lib at library.berkeley.edu>
>Originator: web4lib at library.berkeley.edu
>X-Comment: Web4Lib Information - http://sunsite.berkeley.edu/Web4Lib/
>
>lydia wrote:
>
>> > We have a number of web based periodical databases (IAC, SIRS, etc.)
>> > to which we need to provide remote access for our students and
>> > faculty.
>>
>> The short answer is that what you're talking about here is setting up
>> a proxy server, and that it's a non-trivial task.
>
>If there's a problem here, it's developing the documentation, support,
>and administrative infrastructure.  A decent systems administrator could
>get a proxy server set up on a virgin machine in an hour or two.  Tuning
>it might take a week at most.  This is the trivial part.
>
>> see
>>
>>   http://www.library.nwu.edu/help/proxy/
>>   http://proxy.library.upenn.edu/
>
>Add to this:
>
>  http://www.lib.uci.edu/home/online/proxy.html
>  http://www.library.wisc.edu/help/remote/remote_restrict.html
>
>There are many others as well.
>
>As I've discussed in an earlier posting, these proxy services all use
>plain-text authentication, which is unacceptable for many institutions
>(including mine).
>
>-- 
>
>Richard Goerwitz
>PGP key fingerprint:    C1 3E F4 23 7C 33 51 8D  3B 88 53 57 56 0D 38 A0
>For more info (mail, phone, fax no.):  finger richard at goon.stg.brown.edu
>  
------------------------------------------------------
Sue Dentinger			 dentin at doit.wisc.edu
UW Madison Libraries		 Automation Help Desk
(608) 263-3250			 312F Memorial Library

