Alterate approach to FirstSearch scripting

Wilfred (Bill) Drew drewwe at snymorva.cs.snymor.edu
Fri Apr 5 11:40:38 EST 1996


Here is a description and html coding for the secure FirstSearch Web page I set up.
OCLC may not approve of this since one of the users could get the password and account information 
by "viewing the source" but that is no less secure than giving out the authorization and password 
to your users.  We had to do it this way because the script and program does not compile properly 
on a VMS system.  This type of coding could be extended to other srvces that require login and 
password.  The most important thing to remeber is to put it in a directory avaialbe to only your 
local users.  Most WWW servers support such directories.

The document below is also available at:

gopher://slscva.ca.sunycentral.edu:70/
00gopher_root%3A%5B000000._LAIP_INFO._LAIP_DOCS._MEM_CONTRIbS%5Dbill.txt

The above URL must be typed all on one line.

===================================================================
Below you will find the html coding for the WWW connection 
from our FirstSearch Page.  
                     
This page is in a secure location on our server so that only users in our 
snymor.edu domain can get to it.  I have replaced the authorization and 
password with dummy text.
---------------------------HTML Code follows-----------------------------------
<H2>The new FirstSearch<sup>&#174;</sup> Web Service
</H2>
<P>Click on  ( or highlite) the [Connect to FirstSearch Web] button. Use this
if you are using Netscape or another graphics based browser.

<!--- The FORM METHOD must all be on one line.  It is on two lines here for 
ease of reading--->
<FORM METHOD=POST ACTION=
http://www.ref.oclc.org:2000/FUNC/LOGIN:next=html/fs_dbs.htm
:sessionid=0:entityProductName=FirstSearch>

<input type=SUBMIT value="Connect to FirstSearch Web">
<input SIZE=12 type=hidden name="autho" value="###-###-###">
<!---Replace "###-###-###" with your authorization number --->
<input SIZE=12 type=hidden name="password" value="#$%@^&*">
<!--- Replace "#$%^&*" with your password--->
</form>
------------------end of HTML coding-----------------------

The page you place this text in MUST be in a SECURE directory accessible only 
to your authorized users.  Almost all httpd servers have such a function 
available that would restrict either to a particular group of local internet 
addresses or to a particular group of users.  

--
Wilfred Drew (Call me "Bill") Serials/Reference/Systems Librarian
SUNY College of Ag. & Tech.;   P.O. Box 902;  Morrisville, NY 13408-0902
Internet: DREWWE at SNYMORVA.CS.SNYMOR.EDU
Phone: (315)684-6055 or 684-6060 Fax: (315)684-6115
New Homepage: http://www.snymor.edu/~drewwe/
--


More information about the Web4lib mailing list