Those sound like good options to consider. I think our tech guy was also wondering if Evergreen is or could be set up to limit staff client access to specified IP addresses. Is that an option, with the way Evergreen operates?
Thanks,
Karen

-----Original Message-----
From: Jason Etheridge [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 04, 2007 11:28 AM
To: [EMAIL PROTECTED]; [email protected]
Subject: Re: [OPEN-ILS-DEV] Staff Client Port

On 10/4/07, Karen Collier <[EMAIL PROTECTED]> wrote:
> This raises another question though. What kind of security is there
> to keep hackers out of the staff client if you can't just firewall it
> off, since it uses the same ports as the OPAC which the public is supposed to get to?

Hi Karen,

Anything "dangerous" such as retrieving or changing patron data requires both authentication and authorization (you have to log in with sufficient permissions). You'll need to protect your client workstations the same way you would need to for any application, from such things as keystroke loggers. However, you should be relatively immune from network attacks like packet sniffing and man-in-the-middle intercepts, since the client and server encrypt anything sensitive with industry-standard SSL. You'll just need a SSL certificate from an authority that the client recognizes (and you could self-sign and add yourself as an authority to your deployed clients).

The OPAC and the staff client are both applications that speak the same Evergreen language, and use the same permission and authentication systems. However, you could conceivably segregate the traffic by a number of means, and filter certain types of requests from going through the OPAC gateway and layering additional authentication upon the client gateway (for example, you could require access through a VPN).

Let me know if this answers your question!

--
Jason Etheridge
| VP, Community Support and Advocacy
| Equinox Software, Inc. / The Evergreen Experts
| phone: 1-877-OPEN-ILS (673-6457)
| email: [EMAIL PROTECTED]
| web: http://www.esilibrary.com
