[Koha-devel] ILSDI AuthenticatePatron
Chris Cormack
chrisc at catalyst.net.nz
Mon Feb 18 21:27:38 CET 2013
* Fitzpatrick, Christopher (cf at wmu.se) wrote:
> Hi everyone,
> I've just started working on some "connector" code to extend some
> functionality of our Koha instance by interacting with another web app we
> use. I'm wanting to authenticate users to their Koha accounts and it seems
> like using the ILSDI api would be the easiest way, since it would it would
> allow me to not have to make a direct DB connection.
> However, looking at the AuthenticatePatron action, I'm not too
> comfortable passing username and password simply as clear text GET
> parameters, so I am trying to come up with some ways to avoid this, as
> it's not very secure. Limiting IP access to the ilsdi.pl probably does not
> complete resolve this issue, since the username and password will still
> be captured in the http logs. I am curious what are some of the security
> measures others are using when using this api?
> Thanks for any help! Very much appreciated...best, chris fitzpatrick
I'd POST to it, over SSL
Chris
--
Chris Cormack
Catalyst IT Ltd.
+64 4 803 2238
PO Box 11-053, Manners St, Wellington 6142, New Zealand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130219/83bfd9a9/attachment.pgp>
More information about the Koha-devel
mailing list