RE: WebOPAC and encryption

["Jeff Burns" <jeffb@xxxxxxxxxx>]

Hello all,
I have had several inquiries regarding the "META" tags used to expire the form contents. This is what I used. The  following tags are placed between the <HEAD></HEAD> tags in the form code. I placed them just below the <TITLE> tags.

<META http-equiv="EXPIRES" content="Thu, 01 Dec 1994 16:00:00 GMT">
<META http-equiv="PRAGMA" content="no-cache">
 
This works in I.E. 5.5 and Communicator 4.7. 
If there is anything else that should be added, please let me know.

Thanks,
Jeff
***************************************************************************************************
>>> smithl@xxxxxxxxxx 08/15/00 01:29PM >>>
Jeff Burns,
Would you be willing to share the META code which you added to your forms?
I also am concerned about the "back" problem.
Lois Smith
Catalog/System Librarian
Geisler Library
Central College
Pella, IA  50219
641-628-5158
smithl@xxxxxxxxxx 

-----Original Message-----
From: owner-innopac@xxxxxxxxxx 
[mailto:owner-innopac@xxxxxxxxxx]On Behalf Of Jeff Burns
Sent: Tuesday, August 15, 2000 12:13 PM
To: INNOPAC@xxxxxxxxxx; crowley@xxxxxxxxxx 
Subject: Re: WebOPAC and encryption


I have concerns regarding this as well.   From what I understand, in order
to have a "true" secure connection, the host server must have a
certificate(Verisign.com, Thawte.com) installed. When information is sent
via an input form, the link utilizes an "https" secure protocol. The certs
are inexpensive and allow for true encryption of data, especially if you
plan on implementing some type of payment systems or request other
"personal"  information from patrons via the web.  As far as hackers, where
there is a will there is a way.  There are vast amounts of information on
the net regarding browser encryption, encryption types, and protocols.

One other item regarding the forms that Innovative uses.  We had concerns
raised that some of the field contents(Name) of the forms could be viewed if
the browser "back" button is used after information was submitted.  This
appeared to be related to IE only. We have added "META" code to our forms
which expires the information if the "back" button is used.  Just an FYI...


****************************************************************************
********
>>> crowley@xxxxxxxxxx 08/15/00 10:55AM >>>

We just came up on III last week and I have had one customer who is
concerned about the lack of security on the webopac.  He claims that a
sniffer somewhere on the web could garner his customer information that
he has accessed by putting in his name and library card #.  Does that
customer information (name, phone#, address) actually "travel" across
the Internet or is the only thing that can be hacked his library card #
and name that he inputs to gain access.  (We will be implementing pins
shortly.)  Obviously, I do not know all the technical lingo here, but I
hope you can understand my query.  Thanks!
kc

Kim Crowley, Technology Coordinator
Fort Collins Public Library
201 Peterson Street			phone: 970-221-6662
Fort Collins, CO  80524			fax:   970-221-6398
crowley@xxxxxxxxxx 


--
This message was distributed through the Innovative Users Group INNOPAC
list.
Private replies:  Kim Crowley <crowley@xxxxxxxxxx>
Public replies:   INNOPAC@xxxxxxxxxx 
Archives:  http://innopacusers.org/list/archives/ 

--
This message was distributed through the Innovative Users Group INNOPAC
list.
Private replies:  "Jeff Burns" <jeffb@xxxxxxxxxx>
Public replies:   INNOPAC@xxxxxxxxxx 
Archives:  http://innopacusers.org/list/archives/ 

--
This message was distributed through the Innovative Users Group INNOPAC list.
Private replies:  "Lois Smith" <smithl@xxxxxxxxxx>
Public replies:   INNOPAC@xxxxxxxxxx 
Archives:  http://innopacusers.org/list/archives/

--
This message was distributed through the Innovative Users Group INNOPAC list.
Private replies:  "Jeff Burns" <jeffb@xxxxxxxxxx>
Public replies:   INNOPAC@xxxxxxxxxx
Archives:  http://innopacusers.org/list/archives/