Script to configure browser for proxy?

[JQ Johnson]

I'd like to urge some caution in scripts (and for that matter
instructions) that configure people's proxy servers for them.  It's very
easy to produce instructions that seem to work in some cases but that have
side effects or that don't work in general.  A simple script has the
danger of giving the impression that it is more robust than it's actually
likely to be.

As an example, consider the problem of setting up a proxy server for a
user with MSIE 5.01.  At least in some default configurations I've seen,
MSIE was configured so that the "Local Intranet" security zone was set to
low security AND the list of sites included the checkbox "include all
sites that bypass the proxy server".  That might be fine if there was no
proxy server configured, but now suppose the library encourages a patron
to use a proxy server for its site-licensed databases (via a
Netscape-style automatic configuration script, perhaps), where the
proxy.pac file indicates that the library proxies ONLY those databases.
The user follows instructions and enters the URL in the automatic
configuration box.  All of a sudden the user finds that she is surfing
insecurely, and it's the library's fault that the security controls that
the user applied to the Internet zone didn't protect her from some
malicious javascript or something.

JQ Johnson                      Office: 115F Knight Library
Academic Education Coordinator  mailto:jqj at darkwing.uoregon.edu
1299 University of Oregon       phone: 1-541-346-1746; -3485 fax
Eugene, OR  97403-1299          http://darkwing.uoregon.edu/~jqj/