Hi, Excellent! Thanks for the info. The koha-restful package looks like a better fit than the ilsdi.pl script. It was a little hard to install, but I figured it out ( could not find a libcgi-application-dispatch-perl for squeeze, but found package libcgi-application-basic-plugin-bundle-perl has this module.) Looks like everything works. I actually just implemented OAuth2 with Koha (we use Google Apps for Education, so all our student's use gmail), so I think this will simplify the authentication situation as well... I'm currently writing a ruby gem to interact with Koha...I'll send an update to the list when I publish it, just in case anyone else is interested... thanks again. b,chris. On 18 February 2013 21:27, Chris Cormack <chrisc@catalyst.net.nz> wrote:
* Fitzpatrick, Christopher (cf@wmu.se) wrote:
Hi everyone, I've just started working on some "connector" code to extend some functionality of our Koha instance by interacting with another web app we use. I'm wanting to authenticate users to their Koha accounts and it seems like using the ILSDI api would be the easiest way, since it would it would allow me to not have to make a direct DB connection. However, looking at the AuthenticatePatron action, I'm not too comfortable passing username and password simply as clear text GET parameters, so I am trying to come up with some ways to avoid this, as it's not very secure. Limiting IP access to the ilsdi.pl probably does not complete resolve this issue, since the username and password will still be captured in the http logs. I am curious what are some of the security measures others are using when using this api? Thanks for any help! Very much appreciated...best, chris fitzpatrick
I'd POST to it, over SSL
Chris
-- Chris Cormack Catalyst IT Ltd. +64 4 803 2238 PO Box 11-053, Manners St, Wellington 6142, New Zealand