Hi everyone,
I've just started working on some "connector"
code to extend some functionality of our Koha instance by
interacting with another web app we use. I'm wanting
to authenticate users to their Koha accounts and it seems
like using the ILSDI api would be the easiest way, since it
would it would allow me to not have to make a direct DB
connection.
However, looking at the AuthenticatePatron
action, I'm not too comfortable passing username and
password simply as clear text GET parameters, so I am trying
to come up with some ways to avoid this, as it's not very
secure. Limiting IP access to the ilsdi.pl
probably does not complete resolve this issue, since the
username and password will still be captured in the http
logs. I am curious what are some of the security measures
others are using when using this api?
Thanks for any help! Very
much appreciated...best, chris fitzpatrick