[WEB4LIB] Re: Intranets and IP authentication and bears, Oh my!
Dan Lester
dan at riverofdata.com
Thu Dec 21 18:02:07 EST 2000
Thursday, December 21, 2000, 2:00:23 PM, you wrote:
JC> If the database is dynamic, you could build the Yes/No determination right
JC> into the database. For instance, if the database was presented in an HTML
JC> format, and you had Server Side Includes (SSI) turned on on your
JC> webserver, you could use a simple SSI command to say "If the internal IP
JC> address is in the CDRH range, give them the URL to the selected database
JC> (maybe with an embedded userid / password redirect), otherwise, print the
JC> name of the journal and then 'for CDRH use only'".
Something similar is described at
http://www.riverofdata.com/tools/authentication.htm
To increase the security and solve the problem cited below, this
article describes the use of frames of size zero to conceal the URL of
the site to which the user is redirected. No, it isn't perfect
security, but it improves it enough to eliminate problems.
JC> Neither of these keeps someone from getting the userid / password once
JC> during a legitimate session, and using them other times (unless you use
JC> referring URL on the vendor's end), but it does keep the accidental use
JC> down.
Some of our vendors also use referring URL, which seems to me to be
the ideal way for them to handle it.
Happy holidays
dan
--
Dan Lester, Data Wrangler dan at RiverOfData.com
3577 East Pecan, Boise, Idaho 83716-7115 USA
www.riverofdata.com www.postcard.org www.gailndan.com
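
The Yes/No determination discussed in this message, sketched in Python rather than SSI, as an added example that is not part of the original thread. The address range, function names and sample URL are hypothetical placeholders, since the message does not give the real CDRH range.

```python
import html
import ipaddress

# Constructed placeholder: the message does not give the real CDRH range.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def is_internal(remote_addr: str) -> bool:
    """True only if the address parses and falls inside an internal range.

    Pass the TCP peer address the web server reports (REMOTE_ADDR), not a
    client-supplied header such as X-Forwarded-For.
    """
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except ValueError:
        return False  # fail closed on anything that is not a single address
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in INTERNAL_NETS)


def render_entry(journal: str, url: str, remote_addr: str) -> str:
    """Return the HTML for one database entry, as the server would emit it."""
    name = html.escape(journal)
    if is_internal(remote_addr):
        return f'<a href="{html.escape(url, quote=True)}">{name}</a>'
    # Outside the range: name only, so the vendor URL never leaves the server.
    return f"{name} (for CDRH use only)"


if __name__ == "__main__":
    # Constructed sample requests.
    for peer in ("192.0.2.10", "::ffff:192.0.2.10", "198.51.100.7", "bogus"):
        print(peer, "->", render_entry("Journal of Testing",
                                       "https://vendor.example/db", peer))
```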