First Search Login-- Clarification about security
Alejandro Garza Gonzalez
agarza at ci.mty.itesm.mx
Thu Jul 25 16:41:16 EDT 1996
Re: Logins/IP authentication...
Simple:
Use both. Use IP authent. for known IP addresses, logins/passwords for all
others. It's simple enough to do, and much better for the end user.
_ alejandro garza _________________ __ _ _ _ _
ITESM Centro de Informacion-Biblioteca Monterrey
agarza at campus.mty.itesm.mx
_ http://www-cib.mty.itesm.mx/ ____ __ _ _ _ _
On Thu, 25 Jul 1996, Mack Lundy wrote:
> Bill Drew writes:
> >What OCLC should have done is to allow access by domain name.
> >That is how Britannica Online and many other vendors do it.
>
> Peter C. Gorman writes:
>
> >Amen! Login/passwords may work for individual access, but they're
> >a terrible way to provide access for a large group of users, like
> >a campus. It's needlessly complicated for the user, and insecure
> >as well.
>
> I would like to point out that validation by domain is only good
> when everyone is coming from a known set of domains. I don't know
> about the rest of the country, but in Virginia we are seeing
> educational institutions outsourcing Internet services. This is
> on top of faculty and students who have already contracted with an
> ISP. They expect to be able to access, from off-campus,
> everything they can access on campus. We can't do ip validation
> in this situation. The problem becomes even worse if access to a
> service such as Britannica Online is through a consortium; now you
> have lots of domains and who knows how many possible ISPs
> providing Internet access.
>
> Mack
> Mack A. Lundy III e-mail: mack at mail.swem.wm.edu
More information about the Web4lib
mailing list