Some self check machines operate SIP2 over telnet instead of raw. It's no more secure but some older machines work that way. Of course SIP2 is hideously insecure so those ports should never be exposed except on localhost and run through stunnel or a VPN. If you expose unencrypted SIP2 traffic on a network then you are sending all sorts of personal info unencrypted, most likely violating the GDPR. And definitely opening yourself up to being compromised (it's trivial to capture the user and password of the SIP2 user at the very least).

Chris

On 29 August 2018 7:21:03 AM NZST, Michael Kuhn <mik@adminkuhn.ch> wrote:
Hi
When using the standard configuration in file "SIPconfig.xml" after enabling and starting the SIP2 servers there are two ports:
<service port="8023/tcp" transport="telnet" protocol="SIP/2.00" timeout="60" />
<service port="127.0.0.1:6001/tcp" transport="RAW" protocol="SIP/2.00" client_timeout="600" timeout="60" />
We have just reconfigured the following line
port="10.0.0.1:6001/tcp"
and our 3M SelfCheck System Model 8420 can successfully connect and communicate via port 6001, without needing to add any sign in commands in expect syntax (which is needed when using port 8023 via telnet, as it is described in https://wiki.koha-community.org/wiki/Setting_up_Koha_SIP_and_3M_machines ).
Can someone please explain why there are two ports? Are these just offering the same functionality in two different ways (telnet, RAW), or is it maybe recommended to use telnet for some unknown security reasons?
Best wishes: Michael

--
Managing Director · Certified Librarian BBS, IT Specialist with Federal Certificate
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Switzerland
T 0041 (0)61 261 55 61 · E mik@adminkuhn.ch · W www.adminkuhn.ch
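Added example, not part of the original thread and not Koha code: a small check that reads the `<service>` entries of a SIPconfig.xml and lists every SIP2 listener that is not bound to loopback, which is the exposure the reply above warns about. The sample XML is constructed from the lines quoted in the thread; the wrapper elements and the rule that a port with no host part listens on all interfaces are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two <service> lines quoted in the thread plus the
# reconfigured 10.0.0.1 listener. The wrapper elements are assumptions.
SAMPLE = """<acsconfig>
  <listeners>
    <service port="8023/tcp" transport="telnet" protocol="SIP/2.00" timeout="60" />
    <service port="127.0.0.1:6001/tcp" transport="RAW" protocol="SIP/2.00" client_timeout="600" timeout="60" />
    <service port="10.0.0.1:6001/tcp" transport="RAW" protocol="SIP/2.00" client_timeout="600" timeout="60" />
  </listeners>
</acsconfig>"""


def split_port(spec):
    """Split 'host:port/proto' or 'port/proto' into (host, port, proto)."""
    addr, _, proto = spec.partition("/")
    host, sep, port = addr.rpartition(":")
    # Assumption: a spec with no host part listens on every interface.
    return (host if sep else "*"), int(port), (proto or "tcp")


def is_loopback(host):
    """True only for 'localhost' or a literal loopback IP address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # wildcard or other hostname: treat as exposed


def audit(xml_text):
    """Return (host, port, transport) for each listener not bound to loopback."""
    exposed = []
    for el in ET.fromstring(xml_text).iter():
        # Compare the local tag name so a namespaced config still matches.
        if el.tag.rsplit("}", 1)[-1] != "service":
            continue
        host, port, _ = split_port(el.get("port", ""))
        if not is_loopback(host):
            exposed.append((host, port, el.get("transport", "").lower()))
    return exposed


if __name__ == "__main__":
    for host, port, transport in audit(SAMPLE):
        print(f"cleartext SIP2 listener on {host}:{port} ({transport})")
```

Any listener this reports carries SIP2 in cleartext on a reachable interface and is a candidate for rebinding to 127.0.0.1 behind stunnel or a VPN.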