Re: [CODE4LIB] Balancing security and privacy with EZproxy
Logging user ID's has a benefit if it's used properly (access tightly controlled to a select group). If campus ID's are being used by bots to harvest content, it means that you have users whose credentials are compromised. Whoever obtained this information also has access to e-mails, student records, and personal information. It's a benefit to everyone if this information gets recorded and reported to campus IT (so the user can have their password reset etc.). The worst part is, this happens much more than you would expect.

I developed an application (https://github.com/ryersonlibrary/EZ-Analyzer) to help analyze logs for suspect behavior (it still requires your judgement, but it helps identify users with very high usage, or show if they are logging in from different parts of the world).

-Steven

On Thu, Nov 20, 2014 at 3:14 PM, Joe Hourcle onei...@grace.nascom.nasa.gov wrote:

> On Nov 19, 2014, at 11:47 PM, Dan Scott wrote:
>
> > On Wed, Nov 19, 2014 at 4:06 PM, Kyle Banerjee kyle.baner...@gmail.com wrote:
> >
> > > There are a number of technical approaches that could be used to identify which accounts have been compromised. But it's easier to just make the problem go away by setting usage limits so EZP locks the account out after it downloads too much.
> >
> > But EZProxy still doesn't let you set limits based on the type of download. You therefore have two very blunt sledge hammers with UsageLimit:
> > - # of downloads (-transfers)
> > - # of megabytes downloaded (-MB)
> >
> > [trimmed]
>
> I'm not familiar with EZProxy, but if it's running on an OS that you have control of (and not some vendor locked appliance), you likely have other tools that you can use for rate limiting.
>
> For instance, I have a CGI on a webserver that's horribly resource intensive and takes quite a while to run. Most people wonder what's taking so long, and reload multiple times, thinking the process is stuck ... or they know what's going on, and will open up multiple instances in different tabs to reduce their wait.
>
> So I have the following IP tables rule:
>
>     -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
>
> I can't remember if it starts blocking the 5th connection, or once they're above 5, but it keeps us from having one IP address with 20+ copies running at once.
>
> ... And back from my days of managing directory servers -- brute forcing was a horrible problem with single sign-on. We didn't have a good way to temporarily lock accounts for repeatedly failing passwords at the directory server (which would also cause a denial of service, as you could lock someone else) ... so it had to be up to each application to implement ... which of course, they didn't. ... so you'd have something like a webpage that required authentication that someone could brute force ... and then they'd also get access to a shell account and whatever else that person had authorization for.
>
> -Joe
>
> (and on that 'wow, I feel old' note ... it's been 10+ years since I've had to manage an LDAP server ... it's possible that they've gotten better about that issue since then)

--
Steven Marsden - Library Systems Analyst
Tel: 416-979-5000 x 4635
Ryerson University Library
350 Victoria Street. Toronto, ON. M5B 2K3
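The kind of log triage Steven describes (flagging accounts with very high usage or logins from widely separated networks) is illustrated below with an added example; it is not EZ-Analyzer's code, and it assumes EZproxy's default Apache-style common log format with the campus user ID in the third field, constructed sample lines, and /16 prefixes as a rough stand-in for geography when no geo database is available.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Assumed EZproxy LogFormat "%h %l %u %t \"%r\" %s %b" (Apache common log format);
# with user logging enabled the third field is the campus user ID.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<req>[^"]*)" \d{3} (?P<bytes>\d+|-)$')

# Constructed sample lines (not real traffic): jdoe reads two articles; asmith
# pulls a whole volume within seconds from two unrelated networks.
SAMPLE_LOG = """\
141.117.10.5 - jdoe [20/Nov/2014:14:02:11 -0500] "GET /journal/article1.pdf HTTP/1.1" 200 81234
141.117.10.5 - jdoe [20/Nov/2014:14:05:40 -0500] "GET /journal/article2.pdf HTTP/1.1" 200 90231
203.0.113.9 - asmith [20/Nov/2014:14:00:01 -0500] "GET /journal/vol1/1.pdf HTTP/1.1" 200 500000
203.0.113.9 - asmith [20/Nov/2014:14:00:02 -0500] "GET /journal/vol1/2.pdf HTTP/1.1" 200 500000
198.51.100.77 - asmith [20/Nov/2014:14:00:03 -0500] "GET /journal/vol1/3.pdf HTTP/1.1" 200 500000
198.51.100.77 - asmith [20/Nov/2014:14:00:04 -0500] "GET /journal/vol1/4.pdf HTTP/1.1" 200 500000
"""

def summarize(log_text):
    """Per-user totals: requests, PDF downloads, bytes transferred and distinct /16 networks."""
    stats = defaultdict(lambda: {"requests": 0, "pdfs": 0, "bytes": 0, "nets": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["user"] == "-":
            continue  # skip malformed lines and unauthenticated hits
        s = stats[m["user"]]
        parts = m["req"].split()
        path = parts[1] if len(parts) > 1 else ""
        s["requests"] += 1
        s["pdfs"] += path.lower().endswith(".pdf")
        s["bytes"] += int(m["bytes"]) if m["bytes"] != "-" else 0
        # /16 is a crude proxy for "different part of the world" without a geo database
        s["nets"].add(str(ip_network(m["ip"] + "/16", strict=False)))
    return stats

def flag_suspects(stats, max_pdfs=3, max_mb=1, max_nets=1):
    """Return {user: [reasons]} for accounts to hand to whoever resets compromised credentials."""
    suspects = {}
    for user, s in stats.items():
        reasons = []
        if s["pdfs"] > max_pdfs:
            reasons.append(f"{s['pdfs']} PDF downloads")
        if s["bytes"] > max_mb * 1024 * 1024:
            reasons.append(f"{s['bytes'] / 1048576:.1f} MB transferred")
        if len(s["nets"]) > max_nets:
            reasons.append(f"{len(s['nets'])} distinct /16 networks")
        if reasons:
            suspects[user] = reasons
    return suspects
```

Thresholds are deliberately low for the sample; on a real log they would be tuned to the institution's normal usage, and the output is a list to review, not an automatic block.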
Re: [CODE4LIB] Is Anyone Doing RFID Book Location or Stack Mapping?
We built an in-house program for mapping books (https://github.com/ryersonlibrary/rula-finder). It might take some tweaking to work at your institution, but I would take a look. Here is a working example: http://apps.library.ryerson.ca/bookfinder/#s=b1768874

Currently its main limitation is that it can only map to rectangles (if the shelves are slanted, or irregularly shaped, it may get tricky).

-Steven

On Thu, Aug 28, 2014 at 2:07 PM, Dave Caroline dave.thearchiv...@gmail.com wrote:

> My system is a private collection but operates with a public interface (web). It uses unique barcodes which operate in a similar way to an RFID per item.
>
> 1, me
> 2, not that long (add an input shelving screen, draw some maps (auto drawn in my case), and add a link in the search results to a map display)
> 3, not a lot (nothing). I wrote it for my own collection/archive
> 4, a barcode scanner, both hand held and a wifi barcode scanner
> 5, uses the search screen, gets a link to the map
> 6, no difference in my case
> 7, yes, sure makes finding stuff easy, also makes for easy stock control
>
> I don't see much difference software wise between RFID and barcode, just the way scanning is done. The web interface has no map interface for security reasons but internal screens get the map link. I have saved a grab here: http://www.collection.archivist.info/archive/mirror/shelfview.php
>
> I save an XY location, size and rotation for a shelf and the basic room size in a table, then draw automatically the room with an arrow pointing to a highlighted stack. One day the arrow position will show the approx offset along the shelf, as I always scan left to right.
>
> Dave Caroline
>
> On 28/08/2014, Jarrell, Mark mjarr...@richlandlibrary.com wrote:
>
> > Are there any libraries out there that are making use of RFID hardware/software to help patrons know the precise location of books/items on the shelves? Or is anyone using other stack mapping software to help patrons know the general location of items on the shelf?
> >
> > If so, I have a few questions for you. Please feel free to message me directly and I can compile the results into an anonymous set to share with the group.
> >
> > 1. Name of software vendor
> > 2. Approximate time to implement
> > 3. Approximate cost to implement
> > 4. What types of hardware/software is involved in the process that wasn't used previously?
> > 5. How does the customer locate the item on the shelf (e.g. via handheld tool, map linked to catalog record, etc.)
> > 6. Is there a way for the patron to find out the location of items that are shelved in non-public areas (if a library branch is undergoing renovations)?
> > 7. Would you recommend this software/hardware method to other libraries? Why or why not?
> >
> > Mark W. Jarrell
> > Online Applications Developer | Richland Library
> > 1431 Assembly St. | Columbia, SC 29201
> > (p) 803.553.9818 | (GTalk, Skype) mark.jarrell
> > Access Freely at RichlandLibrary.com http://www.richlandlibrary.com/. Interested in helping to shape RichlandLibrary.com? Join an advisory group http://www.richlandlibrary.com/website-advisory-groups. Watch Freely: My Pick | The Boy in the Striped Pajamas http://www.richlandlibrary.com/search/detail/309477

--
Steven Marsden - Library Systems Analyst
Tel: 416-979-5000 x 4635
Ryerson University Library
350 Victoria Street. Toronto, ON. M5B 2K3
[CODE4LIB] Blocking abusive users in EZProxy
Hi all,

Recently I've had to deal with some users using robots to harvest content from our online subscriptions, and I am looking for ways to automatically stop users before our access gets temporarily revoked (bad for everyone). Currently, we are using EZProxy (with CAS authentication). Would anyone be willing to share their setup or give me some insight here?

Thanks,
Steven

--
Steven Marsden - Library Systems Analyst
Ryerson University Library
350 Victoria Street. Toronto, ON. M5B 2K3