[OPEN-ILS-DEV] Staff Client Port

Jason Etheridge phasefx at gmail.com
Thu Oct 4 14:46:01 EDT 2007


On 10/4/07, Karen Collier <kcollier at kent.lib.md.us> wrote:
> Those sound like good options to consider.  I think our tech guy was also
> wondering if Evergreen is or could be set up to limit staff client access to
> specified IP addresses.  Is that an option, with the way Evergreen operates?

If you run two gateway services, one for the OPAC, and one for the
client, then you can do some filtering within the OPAC gateway to keep
it away from API it doesn't need (currently this is very coarse, but
we could make it fine-grained), and with the client gateway, you can
set up Apache to serve only to a specific set of IPs or IP ranges.

But even if a hacker can get at some API, he or she will still need an
Evergreen account with sufficient permissions to do whatever it is
they want to do.  That's where the real vigilance is needed in my
opinion: keeping staff from working on unsecure machines, from sharing
accounts and passwords, and making them separate their work accounts
from their patron accounts, etc.

Thanks Karen!

-- 
Jason Etheridge
 | VP, Community Support and Advocacy
 | Equinox Software, Inc. / The Evergreen Experts
 | phone:  1-877-OPEN-ILS (673-6457)
 | email:  jason at esilibrary.com
 | web:  http://www.esilibrary.com
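
The two-gateway layout described in the message above, sketched as an added example (not part of the original post and not Evergreen's shipped configuration). It assumes Apache 2.4 `Require` syntax; the hostnames, the gateway path and the address ranges are placeholders.

```apache
# Added illustration. Hostnames, the gateway path and the address
# ranges below are placeholders, not values from Evergreen.

# Public virtual host: the OPAC and the gateway it talks to.
<VirtualHost *:443>
    ServerName opac.example.org
    # TLS certificate directives for this host go here.

    <Location "/OPAC-GATEWAY-PATH-PLACEHOLDER">
        # Reachable from anywhere; API filtering for the OPAC is done
        # in the gateway itself, not by address.
        Require all granted
    </Location>
</VirtualHost>

# Staff virtual host: the gateway used by the staff client.
<VirtualHost *:443>
    ServerName staff.example.org
    # TLS certificate directives for this host go here.

    <Location "/">
        # Only the listed library networks may connect. Several
        # Require lines at this level are combined as "any of".
        Require ip 192.0.2.0/24
        Require ip 198.51.100.17
    </Location>
</VirtualHost>
```

If the staff host sits behind a reverse proxy or load balancer, `Require ip` sees the proxy's address unless mod_remoteip is configured to restore the client address. The address allowlist only narrows who can reach the API; the account permissions discussed in the message still decide what a caller can do.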

