U>
Subject: Re: [CODE4LIB] Ez proxy -deliver message saying why not authenticated
Hi Amy!
That sort of information is generally considered to be a security violation.
If someone is probing your system, being told that they got the ID right and
all they have left is to figure out the password is
I guess my vote would be to keep them in the system after they graduated, with
some sort of flag. Then, after they successfully authenticate themselves, you
can give them all the helpful messages you want.
Otherwise, unauthenticated users should get as little information as possible.
Ralph
--
Yes, we talked about that. Would we be able to delineate password and/or
username wrong as opposed to "you graduated and you don't have access
anymore because you're not enrolled"? Just curious.
Amy Vecchione, Digital Access Librarian/Assistant Professor
http://works.bepress.com/amy_vecchione/
Alb
I remember seeing a conversation about this recently, on the ezproxy email
list: http://ls.suny.edu/read/?forum=ezproxy. The subject line was "EZproxy
default and error web page questions". I haven't tried anything like this
yet, but would be interested in hearing about it if it works for you.
Tha
Hi Amy!
That sort of information is generally considered to be a security violation.
If someone is probing your system, being told that they got the ID right and
all they have left is to figure out the password is a big help.
I'm afraid that unhelpful messages are best for unverified clients.
Hello!
I just thought I would try and ask here since I haven't found anything
elsewhere: has anyone written a script that delivers a more nuanced error
message when using Ez proxy? For example:
User name is right password is wrong
Password is expired
Username locked out
Just curious!
Amy
