[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Non-IP Based Institutional Subscriptions?
- To: <email@example.com>
- Subject: RE: Non-IP Based Institutional Subscriptions?
- From: Dalhousie University Libraries <dallibs@WWW.Library.Dal.Ca>
- Date: Mon, 10 Dec 2001 15:51:51 EST
- Reply-To: firstname.lastname@example.org
- Sender: email@example.com
Just a quick note on EZProxy.. EZProxy is good in terms of internal and remote ISP's having firewalls as it does not require the regular proxy port (180) to be open. We are currently investigating the possibility of implementing it here however have serious reservations about it and most likely will not implement it due to the following reason:- For ease and convenience EZProxy requires the following record to be added to the DNS (Domain Name Server) of your local network:- Server Name Server IP www.yourlibrary.com IN A 18.104.22.168 *.www.yourlibrary.com IN A 22.214.171.124 Using the first record everyone in the world knows that www.yourlibrary.com goes to the associated IP 126.96.36.199 and so all requests on your network are then routed to the machine with the IP 188.8.131.52 .. However, the second record is needed to be added to the DNS for EZProxy not requiring a seperate port for authentication, where EZProxy randomly gives a unique name for each request and so you need the * (wildcard) in front of the server name so that all those requests are again routed to your server. The problem with the above however is that imagine the repercussions of having such a record in the DNS. Now anyone in the world could have a name of the sort baduser.www.yourlibrary.com and take over your IP for their use. They could go and hack machines all over the world and the blame would come to your server or your network; would that be acceptible? The above is just one example of what could be a potential problem, however I could think up a lot more problems with this and so we are trying to convince our libraries to stick with the traditional AutoProxy, even though it may be a bit problematic with a few of the browsers around.. My 2 cents.. For the above problem with EZProxy please see:- http://www.usefulutilities.com/ezproxy/cfg/newstrategy.shtml Ashwin kutty.. Systems Administrator Dalhousie University Libraries (902) 494-2694 On Sat, 8 Dec 2001, Carole Richter wrote: > Are any of the proxy responders using EZProxy? > > Carole Richter > Electronic Resources Coordinator > University of Notre Dame Libraries > (219)631-8405 > firstname.lastname@example.org