[Koha-devel] ILSDI AuthenticatePatron
Fitzpatrick, Christopher
cf at wmu.se
Mon Feb 18 15:34:49 CET 2013
Hi everyone,
I've just started working on some "connector" code to extend some
functionality of our Koha instance by interacting with another web app we
use. I'm wanting to authenticate users to their Koha accounts and it seems
like using the ILSDI api would be the easiest way, since it would it would
allow me to not have to make a direct DB connection.
However, looking at the AuthenticatePatron action, I'm not too comfortable
passing username and password simply as clear text GET parameters, so I am
trying to come up with some ways to avoid this, as it's not very secure.
Limiting IP access to the ilsdi.pl probably does not complete resolve this
issue, since the username and password will still be captured in the http
logs. I am curious what are some of the security measures others are using
when using this api?
Thanks for any help! Very much appreciated...best, chris fitzpatrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130218/8dafa19a/attachment.html>
More information about the Koha-devel
mailing list