[Koha-devel] ILSDI AuthenticatePatron
Fitzpatrick, Christopher
cf at wmu.se
Fri Feb 22 09:14:53 CET 2013
Hi,
So, I went a bit more in-depth with the rest.pl... I'm curious if there's a
plan to add user interaction functionality to this? Like allow users to
renew loans, place holds, cancel holds?
If someone where to add this, would you take a pull-request, or is this out
of scope and should this be forked to a project?
thanks again..b,chris.
On 19 February 2013 11:34, Fitzpatrick, Christopher <cf at wmu.se> wrote:
>
> Hi,
>
> Excellent! Thanks for the info. The koha-restful package looks like a
> better fit than the ilsdi.pl script. It was a little hard to install, but
> I figured it out ( could not find a libcgi-application-dispatch-perl for
> squeeze, but found package libcgi-application-basic-plugin-bundle-perl
> has this module.) Looks like everything works.
>
> I actually just implemented OAuth2 with Koha (we use Google Apps for
> Education, so all our student's use gmail), so I think this will simplify
> the authentication situation as well...
>
> I'm currently writing a ruby gem to interact with Koha...I'll send an
> update to the list when I publish it, just in case anyone else is
> interested...
>
> thanks again. b,chris.
>
>
> On 18 February 2013 21:27, Chris Cormack <chrisc at catalyst.net.nz> wrote:
>
>> * Fitzpatrick, Christopher (cf at wmu.se) wrote:
>> > Hi everyone,
>> > I've just started working on some "connector" code to extend some
>> > functionality of our Koha instance by interacting with another web
>> app we
>> > use. I'm wanting to authenticate users to their Koha accounts and it
>> seems
>> > like using the ILSDI api would be the easiest way, since it would it
>> would
>> > allow me to not have to make a direct DB connection.
>> > However, looking at the AuthenticatePatron action, I'm not too
>> > comfortable passing username and password simply as clear text GET
>> > parameters, so I am trying to come up with some ways to avoid this,
>> as
>> > it's not very secure. Limiting IP access to the ilsdi.pl probably
>> does not
>> > complete resolve this issue, since the username and password will
>> still
>> > be captured in the http logs. I am curious what are some of the
>> security
>> > measures others are using when using this api?
>> > Thanks for any help! Very much appreciated...best, chris fitzpatrick
>>
>> I'd POST to it, over SSL
>>
>> Chris
>>
>> --
>> Chris Cormack
>> Catalyst IT Ltd.
>> +64 4 803 2238
>> PO Box 11-053, Manners St, Wellington 6142, New Zealand
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130222/10e3fe2d/attachment.html>
More information about the Koha-devel
mailing list