[OPEN-ILS-DEV] Self-serve password reset thoughts

Dan Scott dan at coffeecode.net
Mon Mar 29 16:04:18 EDT 2010


On Mon, 2010-03-29 at 07:40 -0400, Bill Ott wrote:
> On 3/29/10 12:35 AM, Dan Scott wrote:

> 
> It is for this reason that we require the barcode proper, the username 
> is not accepted.
> 
> To a large extent, a compromised barcode is a pretty damning situation 
> alone, as it's rather simple to replicate that barcode and use it at a 
> self-check machine, walking away with potentially thousands of dollars 
> worth of materials checked out to someone else.

Well, with the model of self-check we have you would at least need a
scannable barcode - which, on the other hand, is relatively
straightforward to generate these days. Hmm, good idea, we just received
some new loaner laptops and mine is looking rather long in the tooth...
oh wait, the loaner laptops are still stored behind the circ desk.
Foiled again!

It's probably a bad idea to be relying on barcode alone for any kind of
authentication - but until we have a good self-serve password reset
service in place, I'm not going to be enabling the password
authentication at our self-check. All of which is to say - back to work,
Dan.


