[Koha] SIP2 AF field sent even if patron password is invalid

Galen Charlton gmc at esilibrary.com
Thu Aug 7 08:47:29 NZST 2014


Hi,

On Tue, Aug 5, 2014 at 1:49 PM, Scott Kushner <skushner at mplmain.mtpl.org> wrote:
> Put me down as a big NO THANK YOU for requiring pin numbers at checkout, if that's what we are talking about.

It isn't, at least not quite.  One of the things being proposed is
that *if* the SIP2 device supplies a patron password/PIN that is
incorrect, there should be an option for the SIP server to refuse to
return any information about the patron, in order to prevent systems
that use SIP2 purely for authentication to permit leaking information
to people who are not entitled to it.  The emphasis is on the word
*option*, as other participants in this thread have identified various
use cases where a device is using SIP2 for patron lookup, not
authentication.

Regards,

Galen
-- 
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org


More information about the Koha mailing list