authentication, proxy servers, etc.

Dan Lester dan at 84.com
Tue Apr 13 18:52:06 EDT 1999 

I think that I may have confused some folks and/or some issues here, and 
will try to clear them up now.

Proxy servers:
1. We do NOT do authentication of remote users by means of a proxy 
server.  More on that below.
2. We DO use a proxy server to "filter" our public workstations access to 
the net.  3. We do NOT filter on content (nasty, violent, etc.), but DO 
filter on function.
4. Specifically, we block sites that provide web based chat, web based 
email, and web based game playing.  Our university students can do those 
things at other places on campus, but that isn't the function of the 
limited number of web stations (43) in the library.  These same stations 
also provide access to some CDROM databases and our library online catalog.
5. We use, and are very happy with, WinProxy, from www.winproxy.com  They 
have an educational discount and unlimited licensing.  It is very 
affordable and runs on any Win9x or WinNT box.  Ours runs on the same box 
as the web server, just on a different port.  We're aware of other products 
for these platforms and others, and have tested some of them.
6. The list of sites we block is available to anyone at 
www.84.com/blacklist.htm and anyone is welcome to use it.  I simply solicit 
additions, corrections, or deletions as you find them.  That list is 
updated from time to time, and should be updated later this week.
7. The proxy server logs are analyzed from time to time with WebTrends, 
another package we're very pleased with (www.webtrends.com)  You can see 
some typical log information analyses at 
http://lester.boisestate.edu/proxy.htm  These give reference and collection 
development folks an idea of the kinds of things patrons are looking for 
and are of some value.  The tabulation of search terms is useful, as well 
as the list of visited sites.

Remote user authentication:
1. The databases we provide access to are shown at 
http://library.boisestate.edu/indexes.htm
2. The on campus access is controlled by ip blocking on the part of the 
provider (except for those such as Medline and ERIC that don't require any).
3. The vendors that permit access by authenticated remote users provide us 
with appropriate logins and/or passwords.
4. The "off campus" links to the databases connect to pages that request 
the user to provide an ID number (currently SSN, but to be different in the 
future) and phone number (to be replaced by a PIN in future)
5. The form is submitted to a perl script that telnets to our online 
catalog.  A perl script on the online catalog server takes the queries, 
sends them to the patron database, and returns the patron record.  If the 
data elements match, the perl script on the web server redirects the user's 
browser to the vendor's appropriate page/script to login the user.
6. The vendor's URL, login and password do not show in the browser window, 
so they, and we, are pleased with the security.
7. The perl script on the web server also writes a minimalist log (date, 
time, and database authorized) so that we can get some idea of how much use 
the remote users provide.
8. Several of you have requested additional information and/or a test login 
to try the system out.  If I don't get to you within the next day or so, 
please ask again.  I respond well to nagging.  Really.  And, others are 
welcome to request more information as well.

Finally, NOTE that I'm not interested in discussing "how I could have done 
it better or cheaper or faster with Linux, on a Mac, or with a Gameboy".  I 
don't do platform warfare, software warfare, or religious warfare (all, of 
course, are really the same thing).  I'm not saying this is the ONLY way or 
the RIGHT way.  I'm simply saying it works for us, and if our experience 
can help you, great.  If not, that's fine too.

cheers

dan




--
Good, Fast, and Cheap: Which two of the three would you like?
Dan Lester, 3577 East Pecan, Boise, ID 83716 USA 208-383-0165
dan at 84.com   http://www.84.com/  http://www.idaholibraries.org/
http://library.boisestate.edu/   http://www.lili.org/  http://www.postcard.org/

More information about the Web4lib mailing list