[OPEN-ILS-DEV] Staff Client Port

Karen Collier kcollier at kent.lib.md.us
Thu Oct 4 14:21:42 EDT 2007


Those sound like good options to consider.  I think our tech guy was also
wondering if Evergreen is or could be set up to limit staff client access to
specified IP addresses.  Is that an option, with the way Evergreen operates?

Thanks,
Karen

-----Original Message-----
From: Jason Etheridge [mailto:phasefx at gmail.com] 
Sent: Thursday, October 04, 2007 11:28 AM
To: kcollier at kent.lib.md.us; open-ils-dev at list.georgialibraries.org
Subject: Re: [OPEN-ILS-DEV] Staff Client Port

On 10/4/07, Karen Collier <kcollier at kent.lib.md.us> wrote:
> This raises another question though.  What kind of security is there
> to keep hackers out of the staff client if you can't just firewall it
> off, since it uses the same ports as the OPAC which the public is supposed
> to get to?

Hi Karen,

Anything "dangerous" such as retrieving or changing patron data requires
both authentication and authorization (you have to login with sufficient
permissions).

You'll need to protect your client workstations the same way you would need
to for any application, from such things as keystroke loggers.
However, you should be relatively immune from network attacks like packet
sniffing and man-in-the-middle intercepts, since the client and server
encrypt anything sensitive with industry-standard SSL.  You'll just need an
SSL certificate from an authority that the client recognizes (and you could
self-sign and add yourself as an authority to your deployed clients).

The OPAC and the staff client are both applications that speak the same
Evergreen language, and use the same permission and authentication systems.
However, you could conceivably segregate the traffic by a number of means,
and filter certain types of requests from going through the OPAC gateway and
layer additional authentication upon the client gateway (for example, you
could require access through a VPN).

Let me know if this answers your question!

--
Jason Etheridge
 | VP, Community Support and Advocacy
 | Equinox Software, Inc. / The Evergreen Experts
 | phone:  1-877-OPEN-ILS (673-6457)
 | email:  jason at esilibrary.com
 | web:  http://www.esilibrary.com




