[Koha-devel] ILSDI AuthenticatePatron
Fitzpatrick, Christopher
cf at wmu.se
Tue Feb 19 11:34:37 CET 2013
Hi,
Excellent! Thanks for the info. The koha-restful package looks like a
better fit than the ilsdi.pl script. It was a little hard to install, but I
figured it out ( could not find a libcgi-application-dispatch-perl for
squeeze, but found package libcgi-application-basic-plugin-bundle-perl has
this module.) Looks like everything works.
I actually just implemented OAuth2 with Koha (we use Google Apps for
Education, so all our student's use gmail), so I think this will simplify
the authentication situation as well...
I'm currently writing a ruby gem to interact with Koha...I'll send an
update to the list when I publish it, just in case anyone else is
interested...
thanks again. b,chris.
On 18 February 2013 21:27, Chris Cormack <chrisc at catalyst.net.nz> wrote:
> * Fitzpatrick, Christopher (cf at wmu.se) wrote:
> > Hi everyone,
> > I've just started working on some "connector" code to extend some
> > functionality of our Koha instance by interacting with another web
> app we
> > use. I'm wanting to authenticate users to their Koha accounts and it
> seems
> > like using the ILSDI api would be the easiest way, since it would it
> would
> > allow me to not have to make a direct DB connection.
> > However, looking at the AuthenticatePatron action, I'm not too
> > comfortable passing username and password simply as clear text GET
> > parameters, so I am trying to come up with some ways to avoid this, as
> > it's not very secure. Limiting IP access to the ilsdi.pl probably
> does not
> > complete resolve this issue, since the username and password will
> still
> > be captured in the http logs. I am curious what are some of the
> security
> > measures others are using when using this api?
> > Thanks for any help! Very much appreciated...best, chris fitzpatrick
>
> I'd POST to it, over SSL
>
> Chris
>
> --
> Chris Cormack
> Catalyst IT Ltd.
> +64 4 803 2238
> PO Box 11-053, Manners St, Wellington 6142, New Zealand
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130219/f4058b25/attachment-0001.html>
More information about the Koha-devel
mailing list