[WEB4LIB] Re: Impact of statewide database deals?

Thomas Dowling tdowling at ohiolink.edu
Sun Apr 22 11:09:31 EDT 2001


> > It's becoming relatively common lately for a state to provide
> > central funding for access to full text databases for all the
> > state's residents.
>
> I've been wondering how states doing this are providing remote
> access?  And what about the issue of authentication?
>

OhioLINK recently started hosting its first service open to both OhioLINK's
(academic) members and Ohio public library users.  My perception is that the
answer to the first question is, "Poorly."  And to the second question:
"Well enough to satisfy some not very demanding or ill-informed vendors."
In other words, referer authentication.  OPLIN, the state public library
consortium, provides a login function that does a one-time lookup against a
user database and on success take users to a page with a link to Database X.
X's service provider then allows access to anyone whose user agent sends
that URL as its REFERER header.

In other other words, access is available to anyone who A) knows the correct
Referer, B) knows the URL to send it to, C) has a telnet client, and D)
wants access badly enough to learn one grade D hacking trick.

Thomas Dowling
Ohio Library and Information Network
tdowling at ohiolink.edu



More information about the Web4lib mailing list