Hi, 

Excellent! Thanks for the info. The koha-restful package looks like a better fit than the ilsdi.pl script. It was a little hard to install, but I figured it out ( could not find a libcgi-application-dispatch-perl for squeeze, but found package libcgi-application-basic-plugin-bundle-perl has this module.) Looks like everything works. 
  
I actually just implemented OAuth2 with Koha (we use Google Apps for Education, so all our student's use gmail), so I think this will simplify the authentication situation as well...

I'm currently writing a ruby gem to interact with Koha...I'll send an update to the list when I publish it, just in case anyone else is interested...

thanks again. b,chris. 


On 18 February 2013 21:27, Chris Cormack <chrisc@catalyst.net.nz> wrote:
* Fitzpatrick, Christopher (cf@wmu.se) wrote:
>    Hi everyone,
>    I've just started working on some "connector" code to extend some
>    functionality of our Koha instance by interacting with another web app we
>    use. I'm wanting to authenticate users to their Koha accounts and it seems
>    like using the ILSDI api would be the easiest way, since it would it would
>    allow me to not have to make a direct DB connection.
>    However, looking at the AuthenticatePatron action,  I'm not too
>    comfortable passing username and password simply as clear text GET
>    parameters, so I am trying to come up with some ways to avoid this, as
>    it's not very secure. Limiting IP access to the ilsdi.pl probably does not
>     complete resolve this issue, since the username and password will still
>    be captured in the http logs. I am curious what are some of the security
>    measures others are using when using this api?
>    Thanks for any help! Very much appreciated...best, chris fitzpatrick

I'd POST to it, over SSL

Chris

--
Chris Cormack
Catalyst IT Ltd.
+64 4 803 2238
PO Box 11-053, Manners St, Wellington 6142, New Zealand