First Search Login-- Clarification about security

Peter C. Gorman pcgorman at facstaff.wisc.edu
Thu Jul 25 11:29:11 EDT 1996


Bill Drew writes:

>What OCLC should have done is to allow access by domain name.  That is
>how Britannica Online and many other vendors do it.

Amen! Login/passwords may work for individual access, but they're a
terrible way to provide access for a large group of users, like a campus.
It's needlessly complicated for the user, and insecure as well. As Bill
writes, even if the name and password are hidden from the net at large,
it's a trivial task to get the information locally and distribute it beyond
its intended context. I'm surprised that vendors who are normally very
security-conscious (and I don't mean to pick on OCLC specifically here)
would rely on such an unreliable method of authorization. I guess old
habits die hard - one of our vendors implemented IP-based authorization for
its web interface, but kept the password requirement anyway. They even told
us to post it on a public page.

PG
_______________________________
Peter C. Gorman
University of Wisconsin
General Library System
Automation Services
pcgorman at facstaff.wisc.edu



