[WEB4LIB] proxy server

[Richard L. Goerwitz III]

> It seems that the linux/squid combination is fairly easy and quick to set
> up and will fit into my budget :-).

The problems here are well known.  If you use squid as a standard proxy, your
information (including passwords) is sent clear-text.  For universities that
use a single login id and password for everything (e.g., mail, proxying), this
is a definite no-no.  If you use squid as a standard proxy, you will also run
into the problem of outside ISPs that want you to use their proxies.  And you
will also run into kiosk problem #1 (e.g., suppose a professor at a confer-
ence in Sweden wants to pick up a few quick tidbits from an IP-authenticated
journal before reading a paper; all that's available are kiosks whose settings
he or she cannot modify; with a regular proxy, there's essentially no way for
the prof. to get in).  You'll also run into kiosk problem #2, namely that with
a standard proxy, you authenticate once.  After that, anyone who comes along
after you, and uses the same kiosk, has access to everything you had access to
(unless you quit the browser, which can be a rude thing to do in some environ-
ments).

You may also end up having to play with PAC files, which again cuts out peo-
ple working at kiosks while away at other institutions (people who really
shouldn't be messing with browser settings).  PAC files are also difficult
to use in cases where your ISP wants you to use its own PAC file (and may be
firewalled to enforce connections along specific pathways).

Other solutions to the proxy problem include URL rewriters (being used by the
UVa, Harvard, etc.) and reverse proxies (what we use here at Brown).

You can read about our particular setup at:

   http://www/pub/proxydoc/Proxy.tr98.1.shtml

Richard Goerwitz
Brown University