On 10/4/07, Karen Collier <[EMAIL PROTECTED]> wrote:
> This raises another question though. What kind of security is there to keep
> hackers out of the staff client if you can't just firewall it off, since it
> uses the same ports as the OPAC which the public is supposed to get to?
Hi Karen,

Anything "dangerous" such as retrieving or changing patron data requires both authentication and authorization (you have to log in with sufficient permissions). You'll need to protect your client workstations the same way you would for any application, from such things as keystroke loggers. However, you should be relatively immune from network attacks like packet sniffing and man-in-the-middle intercepts, since the client and server encrypt anything sensitive with industry-standard SSL. You'll just need an SSL certificate from an authority that the client recognizes (and you could self-sign and add yourself as an authority to your deployed clients).

The OPAC and the staff client are both applications that speak the same Evergreen language, and use the same permission and authentication systems. However, you could conceivably segregate the traffic by a number of means, filtering certain types of requests from going through the OPAC gateway and layering additional authentication upon the client gateway (for example, you could require access through a VPN).

Let me know if this answers your question!

-- 
Jason Etheridge | VP, Community Support and Advocacy | Equinox Software, Inc. / The Evergreen Experts | phone: 1-877-OPEN-ILS (673-6457) | email: [EMAIL PROTECTED] | web: http://www.esilibrary.com
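The traffic segregation Jason describes (filtering which request types the public OPAC gateway will forward, and restricting the staff gateway to a VPN) can be sketched as a small request filter sitting in front of the shared HTTP gateway. This is an added example, not code from the thread or from the Evergreen project. It assumes the gateway is addressed as /osrf-gateway-v1?service=...&method=... (the OpenSRF HTTP gateway convention), that the public and staff gateways are distinguishable by vhost or path, and that staff VPN clients get addresses in 10.8.0.0/16; the method allow-list is illustrative and does not replace the server-side authentication and permission checks that Evergreen still applies to every call.

```python
"""Per-gateway request filtering in front of a shared OpenSRF HTTP gateway.

Added example, not Evergreen code.  Assumptions (not from the thread):
  - requests look like /osrf-gateway-v1?service=<svc>&method=<svc.method>&param=...
  - "opac" is the public gateway, "staff" the gateway behind the VPN
  - staff VPN clients arrive from 10.8.0.0/16
The server still authenticates and authorizes every call; this is defence in depth.
"""
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Methods the public (OPAC) gateway forwards, keyed by service.  Illustrative
# allow-list: anonymous catalogue search plus login/session handling only.
PUBLIC_ALLOWED_PREFIXES = {
    "open-ils.search": ("open-ils.search.",),
    "open-ils.auth": ("open-ils.auth.authenticate.", "open-ils.auth.session."),
}

# Source networks the staff gateway accepts connections from (assumed VPN pool).
STAFF_NETWORKS = (ipaddress.ip_network("10.8.0.0/16"),)


def parse_gateway_request(url):
    """Return (service, method) from a gateway URL, or None if either parameter
    is missing or repeated, or the method does not belong to the named service."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    services = query.get("service", [])
    methods = query.get("method", [])
    if len(services) != 1 or len(methods) != 1:
        return None  # missing or duplicated parameters: refuse to guess
    service, method = services[0], methods[0]
    # OpenSRF method names carry their service name as a prefix.  A request that
    # names one service but calls another service's method is trying to slip
    # past a per-service allow-list, so treat it as malformed.
    if not method.startswith(service + "."):
        return None
    return service, method


def filter_request(gateway, client_ip, url):
    """Decide whether to forward a request.  Returns (allowed, reason)."""
    parsed = parse_gateway_request(url)
    if parsed is None:
        return False, "malformed service/method"
    service, method = parsed

    if gateway == "opac":
        prefixes = PUBLIC_ALLOWED_PREFIXES.get(service, ())
        if any(method.startswith(p) for p in prefixes):
            return True, "public method"
        return False, "method not exposed on public gateway"

    if gateway == "staff":
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:
            return False, "unparseable client address"
        if not any(addr in net for net in STAFF_NETWORKS):
            return False, "staff gateway reachable only from the VPN"
        # Inside the VPN every method is forwarded; the OpenSRF services still
        # demand a valid authtoken whose user holds the required permissions.
        return True, "staff network"

    return False, "unknown gateway"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("opac", "203.0.113.5",
         "/osrf-gateway-v1?service=open-ils.search&method=open-ils.search.biblio.multiclass.query&param=%22dogs%22"),
        ("opac", "203.0.113.5",
         "/osrf-gateway-v1?service=open-ils.actor&method=open-ils.actor.user.fleshed.retrieve&param=%22tok%22&param=12"),
        ("opac", "203.0.113.5",
         "/osrf-gateway-v1?service=open-ils.search&method=open-ils.actor.user.fleshed.retrieve"),
        ("staff", "10.8.1.20",
         "/osrf-gateway-v1?service=open-ils.actor&method=open-ils.actor.user.fleshed.retrieve&param=%22tok%22&param=12"),
        ("staff", "203.0.113.5",
         "/osrf-gateway-v1?service=open-ils.actor&method=open-ils.actor.user.fleshed.retrieve"),
    ]
    for gw, ip, url in samples:
        allowed, why = filter_request(gw, ip, url)
        print(f"{gw:5} {ip:13} {'ALLOW' if allowed else 'DENY':5} {why}")
```

The third sample shows why the service/method consistency check matters: an allow-list keyed only on the service parameter could be bypassed by naming a public service while calling a patron-data method, so the filter rejects any method that does not carry its service's prefix. Even so, the OPAC gateway only narrows the attack surface; a patron-data method that is allowed through is still gated by the server's own login and permission checks.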
