[Koha-devel] ILSDI AuthenticatePatron

Fitzpatrick, Christopher cf at wmu.se
Fri Feb 22 09:14:53 CET 2013 

Hi,

So, I went a bit more in-depth with the rest.pl... I'm curious if there's a
plan to add user interaction functionality to this? Like allow users to
renew loans, place holds, cancel holds?
If someone where to add this, would you take a pull-request, or is this out
of scope and should this be forked to a project?

thanks again..b,chris.



On 19 February 2013 11:34, Fitzpatrick, Christopher <cf at wmu.se> wrote:

>
> Hi,
>
> Excellent! Thanks for the info. The koha-restful package looks like a
> better fit than the ilsdi.pl script. It was a little hard to install, but
> I figured it out ( could not find a libcgi-application-dispatch-perl for
> squeeze, but found package libcgi-application-basic-plugin-bundle-perl
> has this module.) Looks like everything works.
>
> I actually just implemented OAuth2 with Koha (we use Google Apps for
> Education, so all our student's use gmail), so I think this will simplify
> the authentication situation as well...
>
> I'm currently writing a ruby gem to interact with Koha...I'll send an
> update to the list when I publish it, just in case anyone else is
> interested...
>
> thanks again. b,chris.
>
>
> On 18 February 2013 21:27, Chris Cormack <chrisc at catalyst.net.nz> wrote:
>
>> * Fitzpatrick, Christopher (cf at wmu.se) wrote:
>> >    Hi everyone,
>> >    I've just started working on some "connector" code to extend some
>> >    functionality of our Koha instance by interacting with another web
>> app we
>> >    use. I'm wanting to authenticate users to their Koha accounts and it
>> seems
>> >    like using the ILSDI api would be the easiest way, since it would it
>> would
>> >    allow me to not have to make a direct DB connection.
>> >    However, looking at the AuthenticatePatron action,  I'm not too
>> >    comfortable passing username and password simply as clear text GET
>> >    parameters, so I am trying to come up with some ways to avoid this,
>> as
>> >    it's not very secure. Limiting IP access to the ilsdi.pl probably
>> does not
>> >     complete resolve this issue, since the username and password will
>> still
>> >    be captured in the http logs. I am curious what are some of the
>> security
>> >    measures others are using when using this api?
>> >    Thanks for any help! Very much appreciated...best, chris fitzpatrick
>>
>> I'd POST to it, over SSL
>>
>> Chris
>>
>> --
>> Chris Cormack
>> Catalyst IT Ltd.
>> +64 4 803 2238
>> PO Box 11-053, Manners St, Wellington 6142, New Zealand
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130222/10e3fe2d/attachment.html>

More information about the Koha-devel mailing list