[Koha] SIP2 AF field sent even if patron password is invalid
Katrin Fischer
Katrin.Fischer.83 at web.de
Sun Aug 3 00:31:45 NZST 2014
Hi,
In my experience not all libraries require a password or PIN at the self
check station. One of the reasons can be that the self check used
doesn't have a full keyboard but only a number pad and we can't limit
passwords in Koha to be only numeric. So keeping the option to work
without passwords would be good.
> On Thu, Jul 31, 2014 at 9:21 AM, Colin Campbell
> <colin.campbell at ptfs-europe.com> wrote:
>> Many of the early sip devices considered the fact a user had wanded a
>> barcode, security enough. I recall machines which sent blank passwords
>> meaning 'I don't care about passwords and if they're valid'. The
>> implication of the standard is that the client end will do the right
>> thing if I flag up the password was invalid.
> It wouldn't surprise me if this were the case back then, but
> yesterday's trusting serial line protocol is today's remote exposure
> of sensitive patron information breach.
>> NB that responses like patron status return both whether the patron is
>> valid and whether the password is valid which suggests that the two are
>> independent and it may want info back irrespective of password validity.
>> It's also not impossible that a client application may want patron data
>> and issue an info request without that patron being present (whether
>> such an app should be tolerated is another thing). So I think we should
>> certainly tailor message responses sensibly but policy is the
>> responsibility of the client device. (maybe we should look a bit closer
>> at them)
>
> I agree that it will be necessary to tailor responses per client, but
> I do think that the default should be to limit what gets disclosed if
> an invalid patron password is presented, as information disclosure
> policies are necessarily the responsibility of the SIP2 server.
I agree that we shouldn't send patron information if a wrong password
was provided. Maybe it could be a configuration switch that defines if
passwords are expected and reacts accordingly?
Regards,
Katrin
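As an added illustration of the behaviour discussed in this thread (example code, not Koha's SIP server): a minimal Patron Status Response (24) builder that still reports patron validity (BL) and password validity (CQ) as separate fields, as the standard does, but withholds the patron name (AE) and account screen messages (AF) when the presented password is wrong, with a configuration switch for stations that send a blank password. The institution id, patron record and messages are constructed sample data.

```python
from datetime import datetime

# Constructed sample patron records; in a real server these come from the ILS.
PATRONS = {
    "21000001": {"name": "Example Patron", "password": "1234",
                 "messages": ["You have 2 overdue items"]},
}

def password_ok(patron, supplied, require_password):
    """Policy check: a blank password is only accepted when the switch
    says the self-check station is not expected to send one."""
    if supplied == "" and not require_password:
        return True
    return supplied == patron["password"]

def patron_status_response(patron_id, supplied, require_password=True,
                           now=datetime(2014, 8, 3, 0, 31, 45)):
    """Build a SIP2 Patron Status Response (24). Patron name (AE) and
    account messages (AF) are only sent when the password check passed."""
    fields = ["AOMAIN", "AA" + patron_id]          # AO: institution id (constructed)
    patron = PATRONS.get(patron_id)
    if patron is None:
        fields += ["BLN", "CQN"]                    # unknown patron, nothing else
    elif password_ok(patron, supplied, require_password):
        fields += ["BLY", "CQY", "AE" + patron["name"]]
        fields += ["AF" + m for m in patron["messages"]]
    else:
        # valid patron, invalid password: flag it, but disclose no account data
        fields += ["BLY", "CQN", "AFInvalid password"]
    # fixed header: command (2) + patron status (14) + language (3) + date (18)
    header = "24" + " " * 14 + "001" + now.strftime("%Y%m%d    %H%M%S")
    return header + "|".join(fields) + "|"

def parse_fields(message):
    """Return the variable-length fields of a 24 response as {tag: [values]}."""
    out = {}
    for part in message[2 + 14 + 3 + 18:].split("|"):
        if part:
            out.setdefault(part[:2], []).append(part[2:])
    return out

if __name__ == "__main__":
    for pw in ("1234", "9999", ""):
        print(pw or "<blank>", "->",
              patron_status_response("21000001", pw, require_password=True))
```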