LM_NET 07/07/07: [LM_NET] HIT: Public display of database passwords

Previous by Date	Next by Date	Date Index & Search
Previous by Thread	Next by Thread	Thread Index & Search
LM_NET Archive

To: LM_NET@LISTSERV.SYR.EDU
Subject: [LM_NET] HIT: Public display of database passwords
From: Floyd <calaf@CHARTER.NET>
Date: Sat, 7 Jul 2007 11:01:44 -0500
Reply-To: Floyd <calaf@CHARTER.NET>
Sender: School Library Media & Network Communications <LM_NET@LISTSERV.SYR.EDU>

My original question:
As a number of my students were reviewing LMC Web sites last weekend, I  
was surprised by the number of schools posting the passwords for remote  
access to subscription databases on the library Web sites. I can't  
imagine that this is anything but a breach of the contract with the  
vendor, either directly or implied.

As I don't deal with vendors any longer, there might have been a change  
in attitude on their part. Do vendors not mind if the LMS post  
passwords openly on the Web sites?

Answers: 100% of the people who responded said no vendor wants the  
passwords to their subscription databases published on a LMC Web site.  
Some responses:

------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----
Our vender, EBSO, specifically told us not to post our passwords in a  
public place or share it with anyone other than our school employees  
and students. No doubt about the rules with them.
------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----
Absolutely not, Floyd.
I wonder the same thing. The list of our passwords, which is accessible  
online but behind a password-protected barrier.
I'd be interested in hearing responses to your query
------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----
You are correct. It allows access to users outside of the licensed  
group.
------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----
The ones I've dealt with don't want this happening.  We only post  
passwords on the school network/intranet sites, not on internet.
------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----
Oh, yes. Our web site states to see the librarian or get an online  
resources brochure to access the passwords. Once I posted lesson plans  
for using the databases and accidentally included the passwords. I  
heard from the vendor and our regional service center, which provided  
the database for us.
------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----
Funny you should mention this - I put our database passwords in a  
supposedly secure place on our website a couple of months ago. The next  
day I got a call from Gale asking why our passwords were publicly  
available! Turned out our permissions were incorrect on that "secure"  
folder. I was amazed that it only took one day for Gale to pick up on  
the mistake. They absolutely did not want those passwords available to  
anyone outside our school.
------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----
Floyd, vendors definitely do not want their id/password combinations  
out in the open.  I think the problem comes from ignorance. Many of the  
librarians or webmasters do not realize that anyone can get to those  
pages, or that there are ways to block access.
------------------------------------------------------------------------ 
------------------------------------------------------------------------ 
-----

Floyd Pentlin
------------------------------------------------------------------------ 
---------------
Oh well....I'd just been thinking... if you had died, you'd have been  
welcome to share my toilet. ~ Moaning Myrtle, "Harry Potter and the  
Chamber of Secrets"
------------------------------------------------------------------------ 
---------------
ANSWER MACHINE/FAX: 660.747.0683 - E-MAIL: calaf@charter.net
------------------------------------------------------------------------ 
---------------

--------------------------------------------------------------------
Please note: All LM_NET postings are protected by copyright law.
  You can prevent most e-mail filters from deleting LM_NET postings
  by adding LM_NET@LISTSERV.SYR.EDU to your e-mail address book.
To change your LM_NET status, e-mail to: listserv@listserv.syr.edu
In the message write EITHER: 1) SIGNOFF LM_NET  2) SET LM_NET NOMAIL
3) SET LM_NET MAIL  4) SET LM_NET DIGEST  * Allow for confirmation.
 * LM_NET Help & Information: http://www.eduref.org/lm_net/
 * LM_NET Archive: http://www.eduref.org/lm_net/archive/
 * EL-Announce with LM_NET Select: http://elann.biglist.com/sub/
 * LM_NET Supporters: http://www.eduref.org/lm_net/ven.html
 * LM_NET Wiki: http://lmnet.wikispaces.com/
--------------------------------------------------------------------

Prev by Date: [LM_NET] Target: Do you know this book?
Next by Date: [LM_NET] GEN: Feel Good NY Times Article on Librarian Profession
Prev by thread: [LM_NET] Target: Do you know this book?
Next by thread: [LM_NET] GEN: Feel Good NY Times Article on Librarian Profession
Index(es):
- Date
- Thread

LM_NET Mailing List Home