[Koha] SIP2 AF field sent even if patron password is invalid

Scott Kushner skushner at mplmain.mtpl.org
Wed Aug 6 08:49:33 NZST 2014


I second that opinion Katrin. 

Requiring a pin would be problematic for our self-checkout patrons as well. 

Forgetting pin #'s, changing their telephone #'s, (we use the last 4 digits of the patron's phone # for our OPAC passwords), etc., would be a giant hassle for our circulation staff, if pins were required for self-check. 

Put me down as a big NO THANK YOU for requiring pin numbers at checkout, if that's what we are talking about.

Scott Kushner
Systems Librarian
Middletown Public Library
55 New Monmouth Rd
Middletown, NJ 07748

-----Original Message-----
From: Koha [mailto:koha-bounces at lists.katipo.co.nz] On Behalf Of Katrin Fischer
Sent: Saturday, August 02, 2014 8:32 AM
To: koha at lists.katipo.co.nz
Subject: Re: [Koha] SIP2 AF field sent even if patron password is invalid

Hi,

In my experience not all libraries require a password or PIN at the self check station. One of the reasons can be that the self check used doesn't have a full keyboard but only a number pad and we can't limit passwords in Koha to be only numeric. So keeping the option to work without passwords would be good.

> On Thu, Jul 31, 2014 at 9:21 AM, Colin Campbell 
> <colin.campbell at ptfs-europe.com> wrote:
>> Many of the early sip devices considered the fact a user had wanded a 
>> barcode, security enough. I recall machines which sent blank 
>> passwords meaning 'I don't care about passwords and if they're valid'. 
>> The implication of the standard is that the client end will do the 
>> right thing if I flag up the password was invalid.

> It wouldn't surprise me if this were the case back then, but 
> yesterday's trusting serial line protocol is today's remote exposure 
> of sensitive patron information breach.

>> NB that responses like patron status return both whether the patron 
>> is valid and whether the password is valid which suggests that the 
>> two are independent and it may want info back irrespective of password validity.
>> It's also not impossible that a client application may want patron 
>> data and issue an info request without that patron being present 
>> (whether such an app should be tolerated is another thing). So I 
>> think we should certainly tailor message responses sensibly but policy 
>> is the responsibility of the client device. (maybe we should look a 
>> bit closer at them)
> 
> I agree that it will be necessary to tailor responses per client, but 
> I do think that the default should be to limit what gets disclosed if 
> an invalid patron password is presented, as information disclosure 
> policies are necessarily the responsibility of the SIP2 server.

I agree that we shouldn't send patron information if a wrong password was provided. Maybe it could be a configuration switch that defines if passwords are expected and react accordingly?

Regards,

Katrin
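A server-side illustration of the policy discussed in the thread (an added example, not Koha's SIP server code): a Patron Information Response (64) builder that still reports BL (valid patron) and CQ (valid password) but withholds AE/BE/BF and the patron-specific AF text when the presented PIN does not match, with a require_password switch standing in for the configuration option Katrin suggests. Field codes follow the SIP2 specification; the patron record, PIN and institution id are constructed sample values.

```python
"""SIP2 Patron Information Response (64) builder that limits disclosure
when the presented patron password is invalid.  Added illustration only;
not Koha's own SIP server code."""
from datetime import datetime

# Constructed sample patron record; a real system would compare a hashed PIN.
SAMPLE_PATRON = {
    "id": "23529001234567",
    "name": "Doe, Jane",
    "email": "jane@example.org",
    "phone": "555-0100",
    "pin": "0100",
}

FIXED_LEN_64 = 2 + 14 + 3 + 18 + 6 * 4  # id, status, lang, date, six 4-digit counts


def build_patron_info_response(patron, presented_pin, require_password=True,
                               institution="MPL", now=None):
    """BL says whether the card is known and CQ whether the PIN matched; the
    standard lets both be reported.  AE/BE/BF and the patron-specific AF
    screen message are only emitted when the PIN matched, or when the library
    has configured that no password is expected (require_password=False).
    The caller has already looked the card up, so BL is always Y here."""
    when = (now or datetime.now()).strftime("%Y%m%d    %H%M%S")  # 18 chars
    pin_ok = bool(presented_pin) and presented_pin == patron["pin"]
    disclose = pin_ok or not require_password
    fixed = "64" + " " * 14 + "001" + when + "0000" * 6
    fields = [("AO", institution), ("AA", patron["id"])]
    if disclose:
        fields += [("AE", patron["name"]), ("BE", patron["email"]),
                   ("BF", patron["phone"])]
    fields += [("BL", "Y"), ("CQ", "Y" if pin_ok else "N")]
    fields.append(("AF", f"Welcome {patron['name']}" if disclose
                   else "Password not accepted"))
    return fixed + "".join(f"{code}{value}|" for code, value in fields)


def parse_fields(message):
    """Return the variable-length fields of a 64 response as (code, value) pairs."""
    body = message[FIXED_LEN_64:]
    return [(part[:2], part[2:]) for part in body.split("|") if part]
```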

_______________________________________________
Koha mailing list  http://koha-community.org Koha at lists.katipo.co.nz http://lists.katipo.co.nz/mailman/listinfo/koha
