Telnet to circ module?

Charles F. Bearden cbearden at ruf.rice.edu
Wed Jul 15 10:42:43 EDT 1998


On Tue, 14 Jul 1998, Karen G. Schneider wrote:

> O.k., I know this question needs to go to ATLAS-L... it will go there
> too... but it's a question with a web4lib nuance, other protocols than
> http being web-accessible as well.  I'm wondering what folks have to say
> about connecting to a circulation module over the Internet, via telnet,
> versus a dedicated line to the OPAC.  We began discussing this in these
> parts as an alternative due to the far-flung distance of some member
> libraries in the consortium (ours, in particular, but we aren't alone in
> wondering about this) combined with the opportunities for lower-cost
> Internet access in the immediate area.  The concerns raised were
> specifically about security of the circulation data.  The concern was
> expressed that if we are connecting to the circ module via telnet, people
> could, if they wanted to, spy on the data passing to and fro.  Needless to
> say, we wouldn't want that.  I am not expert enough in the telnet protocol
> to confirm or debunk that concern, or propose methods for addressing the
> concern.  If you're wondering, it's a DRA system, and we are just beginning
> to link to records in the mother database... so we have a good six months
> to ponder this issue.  People have also raised the question of whether the
> Internet connection would be as stable as a dedicated line, or at least
> stable enough not to preclude this approach... I have felt (though I could
> be wrong) that was a separate question that only experience with the area
> providers (and perhaps experience overall) could answer.
> _________________________________________________________
> Karen G. Schneider |  kgs at bluehighways.com http://www.bluehighways.com

To be sure, data sent by normal telnet applications is unencrypted, 
so that anyone with a foothold on a properly positioned machine on 
either the source or destination networks would be in a position to 
capture your traffic.  Getting into such a position does typically 
require some skill and effort, and probably some luck as well, however, 
and if your networks & hosts are well-tended, it is not necessarily a 
simple matter.

Nonetheless, I would recommend some kind of encryption scheme, such 
as a virtual private network.  John Morris has also mentioned secure 
shell (ssh).  There are free versions for Unix/Linux platforms, and 
Datafellows (makers of F-Prot virus protection) sell versions for 
PC & Mac:

  http://www.datafellows.com/f-secure/fclintp.htm

If DRA can't be made to work directly with ssh, you could probably 
use the port-forwarding features of it to create a mini-VPN, for 
instance by forwarding connections to your local machine on port 
4433 to the remote machine's port 23 (telnet), so that if you 
telnet to localhost 4433 you are actually connecting to the remote 
host on port 23 over an encrypted connection.  See the ssh home 
page and FAQ page for more information:

  http://www.cs.hut.fi/ssh/
  http://www.uni-karlsruhe.de/~ig25/ssh-faq/
  http://www.tac.nyc.ny.us/~kim/ssh/

I hope this helps.


:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Chuck Bearden                                   cbearden at rice.edu
Electronic Resources Librarian    
Fondren Library--MS44                        713 / 527-8101 x3634
Rice University                              713 / 737-5859 (fax)
P.O. Box 1892
Houston, TX 77251-1892
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
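
The port forward described in the message above, as an added example that is not part of the original post. It assumes a present-day OpenSSH client; `circ@REMOTE_HOST` is a placeholder account and host, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the ssh command for the forward described above
# (local port 4433 -> port 23 on the remote machine).

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd LOCAL_PORT REMOTE_PORT USER@HOST
# Prints the ssh command line; fails on a bad port or an unsafe target.
tunnel_cmd() {
    lport=$1 rport=$2 target=$3
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    valid_port "$rport" || { echo "bad remote port: $rport" >&2; return 1; }
    # Refuse empty targets, whitespace, and anything ssh would read as an option.
    case "$target" in
        ''|-*|*[[:space:]]*) echo "bad target: $target" >&2; return 1 ;;
    esac
    # -N                      forwarding only, no remote shell
    # -L 127.0.0.1:...        listen on loopback only, so other machines on
    #                         the local network cannot borrow the tunnel
    # ExitOnForwardFailure    quit if the local port cannot be bound
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
        "$lport" "$rport" "$target"
}

# Usage (run the printed command in one terminal, telnet in another):
#   tunnel_cmd 4433 23 circ@REMOTE_HOST
#   telnet localhost 4433
```

Only the hop between the two ssh endpoints is encrypted; the last step from the remote sshd to port 23 is plain telnet over that machine's loopback interface.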



