[WEB4LIB] RE: Only 1 IP - expanded discussion and description

Edward Spodick, HKUST Library, 2358-6743 lbspodic at ust.hk
Tue May 16 21:18:24 EDT 2000


At 11:22 AM -0700 16/5/00, Masters, Gary E wrote: 
>Our solution is to list
>all of these links on a page that only our staff can get to by their user
>name, password and domain.  I think it is good enough.

Well, I remember reading of a few sites who negotiated an arrangement with their vendor(s) for access to be permitted based not on the IP address, but on the HTTP_REFERER HTTP environmental variable.  Their user would go to a page requireing password authentication, much like yours, and then select the appropriate link.  The vendor's system would only accept the connections from your site which were coming directly from that authentication page.

I never really liked this solution, but it may be just what you need.  I am not at all sure it is very secure from spoofing, but it would certainly be better than what you have now.

-Edward Spodick, HKUST Library

- - - - -
Edward F Spodick, Systems Librarian - lbspodic at ust.hk
Hong Kong University of Science & Technology Library
tel:  852-2358-6743     fax:  852-2358-1043


More information about the Web4lib mailing list