#831 closed enhancement (fixed)
transparent EZProxy support
| Reported by: | simon | Owned by: | simon |
|---|---|---|---|
| Priority: | major | Milestone: | 1.5 Beta 1 |
| Component: | misc | Version: | 1.5 |
| Keywords: | Cc: |
Description
should automatically direct links to major databases to appropriate EZProxies, if instructed to
Change History (4)
comment:1 Changed 8 years ago by simon
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed 8 years ago by dstillman
Is there a reason for leaving the transparent redirection pref off by default? I guess maybe it's an issue if you sometimes use a proxy and sometimes connect from campus on the same computer, in that it'd try to use the proxy even when you were on-campus? (Is there anything we can do about that other than hope that university proxy systems automatically bypass the login if you're on campus?)
It seems like a pretty great feature, so burying it in the prefs would be kind of a shame.
comment:3 Changed 8 years ago by simon
My main reason for disabling this by default was that I was worried less savvy users would just click through the "Proxy Recognized" box without reading it, and thus become vulnerable to phishing attacks (since some other site could pretend to be an EZProxy for, e.g., citibank.com). I also put in a delay before the "OK" button becomes enabled when the dialog first appears for the same reason. The latter alone is probably sufficient protection, though. (It'd also be nice if I could get a caution icon instead of a question mark.)
BTW, EZProxy, at least, will bypass the login if you're on campus. We could add an "except when my domain ends in ..." option to the preferences too.
comment:4 Changed 8 years ago by simon
(In [3266]) references #831, transparent EZProxy support
changes default behavior. transparent redirection is now enabled by default, and a caution dialog appears when proxies are first accessed. when transparent redirection is turned off, no dialog appears, and proxies get saved automatically. when the user switches transparent redirection on, there is a warning that s/he should check that there are only trusted proxies in the list. i'm not sure how well i've worded the messages, so feel free to suggest better alternatives.
also, a bit of jsdoc cleanup on proxy.js
(In [3107]) closes #743, Support non-EZproxy proxies
closes #831, transparent EZProxy support
adds a proxy pane to the preferences
asks before saving proxies to the DB (to avoid the potential phishing risk #831 would otherwise pose)