LISTSERV 16.5 - CODE4LIB Archives

Ok, I wanted to send back to the list what I found out, because there's some pretty useful (and completely undocumented AFAICT) info here:

Ben Hockenberry pointed out that they are able to circumvent the authentication via some customer ID that they set up.  He sent me this link:

http://linksource.ebsco.com/ls.c471c170-ceba-4e65-bdcc-42cd2401e9e8.true/linking.aspx?sid=google&auinit=P&aulast=Bravender&atitle=Weeding+an+Outdated+Collection+in+an+Automated+Retrieval+System&id=doi:10.1080/01462679.2011.605290&title=Collection+Management&volume=36&issue=4&date=2011&spage=237

where the ls.{guid}.true supposedly means something.  I dug around in the pages that EBSCO serves from this, but I never found the string "c471c170-ceba-4e65-bdcc-42cd2401e9e8" come up anywhere, except one place, the 'ReviseRequest' form.

LinkSource sends the form values: sec.guid=c471c170-ceba-4e65-bdcc-42cd2401e9e8&sec.auth=True in the ReviseRequest form and although I couldn't find this GUID in other LinkSource HTML page source (either from St. John Fisher College, Chesapeake College, or University of Lincoln), I decided to play around with the form query parameter some.

When I switched 'sec.guid' to 'sec.id' and sent the AtoZ customer ID as the value, I was able to both specify the institution and circumvent the authentication.

For Chesapeake College, this would be:

http://linksource.ebsco.com/linking.aspx?sid=google&auinit=P&aulast=Bravender&atitle=Weeding+an+Outdated+Collection+in+an+Automated+Retrieval+System&id=doi:10.1080/01462679.2011.605290&title=Collection+Management&volume=36&issue=4&date=2011&spage=237&sec.id=9922&sec.auth=True

for University of Lincoln, this would be:

http://linksource.ebsco.com/linking.aspx?sid=google&auinit=P&aulast=Bravender&atitle=Weeding+an+Outdated+Collection+in+an+Automated+Retrieval+System&id=doi:10.1080/01462679.2011.605290&title=Collection+Management&volume=36&issue=4&date=2011&spage=237&sec.id=1710&sec.auth=True

etc.  Note that you have to remove all linksource.ebsco.com cookies for this to work.

Anyway, I hope this is useful to somebody and I want to thank Ben Hockenberry and Eric Phetteplace for helping me out with this.  Now if I can only figure out a way to disable LinkSource's 'direct linking', I'm set.

Thanks!
-Ross.

On Jun 5, 2013, at 11:25 AM, Ross Singer <[log in to unmask]> wrote:

> Hi all,
> 
> I was wondering if there was anybody on the list that works for an institution that uses EBSCO's LinkSource as their link resolver that _doesn't_ hide it behind their single sign-on service.  Or, alternately, if you know of one (from somewhere other than where you work), that's welcome, too.
> 
> I'm trying to find a cross-section to see how much variation occurs, but having very little luck finding examples that aren't password protected.
> 
> Thanks,
> -Ross.