[OPEN-ILS-GENERAL] automate offline patron download

Thu May 13 09:27:42 EDT 2010

Once or twice a day would be sufficient, at least in most cases, since it
can take upwards of 30 seconds to download the list from PINES/Evergreen,
and we do not want that delay every time the client is started.

Thank you for the recommendation on how to proceed!
-- 
Andrew
Tillman
Tech Specialist
Lee County Library
Leesburg, GA
31763
tillman at leecountylibrary.org

> CC'ing
OPEN-ILS-DEV
> 
> On Mon, May 10, 2010 at 5:36 PM, Andrew
Tillman
> <tillman at leecountylibrary.org> wrote:
>> In Evergreen 1.4.07 is there a way to automate the
"Download Offline
>> Patron
>> List"
function with Windows Task Scheduler? Or should we be looking at
>> another method?
> 
> Andrew, would you want the
list to be updated periodically whether the
> client logs in or
not, or maybe every time the client logs in?
> 
> When
this feature was written for PINES, the expectation was that the
>
list would be large and that pulling it down on demand for just those
> who needed it (primarily bookmobile staff) would suffice for
limiting
> the use of bandwidth.  I think the implementation may
have been naive.
> 
> As for your question, you could
download the file containing the list
> outside of the client
(say, using curl or wget) via a CRON job or the
> Windows Task
Scheduler, save it into the user profile directory (where
>
ws_info lives) and rename it "offline_patron_list".  Then
replace the
> file "offline_patron_list.date" with a new
one containing the time of
> download in a format resembling
this:
> 
> Wed May 12 2010 23:55:01 GMT-0400 (EDT)
> 
> (this is the stringified form of a javascript Date
object)
> 
> Better would be to do an HTTP HEAD against
the file instead of GET, to
> test whether it has changed since it
was last downloaded (we should
> probably have the client do this
as well).
> 
> For developers, here is the code behind the
Download Offline Patron
> List menu entry:
>
http://svn.open-ils.org/trac/ILS/browser/branches/rel_1_6/Open-ILS/xul/staff_client/chrome/content/main/menu.js#L861
> 
> And how it gets used in the offline interfaces:
>
http://svn.open-ils.org/trac/ILS/browser/branches/rel_1_6/Open-ILS/xul/staff_client/chrome/content/circ/offline.js#L128
> 
> What would be lovely is if we could break the file up
and do something
> similar to rsync, where the patron list could
be updated piecemeal as
> needed.  There's also a limitation now
with loading the list into the
> staff client, in that if the list
gets too big and the workstation too
> slow, you'll get Script
Taking Too Long warnings that you have to
> click through. 
Multiple files, perhaps using a hash function with the
> patron
barcode, could allow us to load smaller files on demand and
>
improve the situation.
> 
> Any takers for development or
funding of development? :)
> 
> Something else that may be
worth thinking about, is that at the time,
> the bad patron list
wasn't considered "sensitive", since it only
> contained
barcodes and a 1-letter code for the status.  If a patient
>
hacker were to grab this list and try to use these barcodes, they'd
> have to also guess the right passwords and chance upon the patrons
no
> longer being barred or blocked (and ideally, the login
failure message
> wouldn't leak whether it was a bad password or
some other condition
> that prevented login).
> 
>
However, there is a tendency for libraries to push 4-digit PIN's as
> passwords, and a known user barcode is a big piece of the puzzle
> needed for a hacker, a much better situation for them than
randomly
> generating usernames and barcodes to try.
> 
> If any of this is worrying you, then one quick roadblock a
system
> admin could throw up is to put basic authentication on
the apache
> directory serving the bad patron list.  The staff
client will prompt
> for the basic auth credentials.  They could
also implement IP-based
> restrictions on the file, and use URL
re-writing to force the use of
> SSL.
> 
> Yet
more things to think about: some ILS's also preserve fine
>
information for patrons for use in offline mode.  We don't, and I
> don't know of an easy way off-hand to make that scalable for
large
> consortia, but it may be something folks would like.
> 
> Anyway, thanks for letting me hijack your email thread
to ramble about
> the bad patron list. :-D
> 
>
--
> Jason Etheridge
>  | VP, Tactical Development
>  | Equinox Software, Inc. / The Evergreen Experts
>  |
phone:  1-877-OPEN-ILS (673-6457)
>  | email: 
jason at esilibrary.com
>  | web:  http://www.esilibrary.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20100513/4f322e63/attachment.htm 