[WEB4LIB] Re: database authentication script - standard

Glen Davies glen at rimu.cce.ac.nz
Mon Apr 26 17:51:04 EDT 1999


In our case the static file is hopfully a temporary solution and that 
part of the script will be replaced by a perl odbc query to our live 
patron file.
What James Cayz says is true though, we need some sort of 
standard for this, because as sure as eggs, as soon as I get my 
script humming along nicely a database vendor will turn up with an 
authentication system that doesn't fit into it!  
	
> Glen Davies wrote:
> > The script checks the barcode and pin entered, and
> > if valid returns a form with a hidden generic userid
> > and password for the database that has been selected.
> 
> If in this library system patrons cannot change
> their PINs, then this script would be very easy
> to implement.  However, in many library systems
> patrons are allowed to do so, creating a
> situation where changed PINs and a static list
> of barcodes/PINs would then block patrons from
> accessing databases.  The short-term solution
> is to fetch the barcodes/PINs on a daily basis,
> which may or may not be problematic where you
> are situated.  But even on a daily basis, a PIN
> changed would cause a patron not to be able to
> access that database until the next day.  Of
> course, the barcodes/PINs could be fetched on
> an hourly basis, but this method can be slow in
> a library of many patrons.  The same problem
> arises with the creation of new library cards,
> which would not join the barcode/PIN list until
> the next day.  Perhaps a patterned barcode
> approach may be sufficient, where only the first
> or last universal set of numbers (e.g.
> 24680xxxxxxx) are matched and used along with
> referrer URL/domain authentication without
> having to bring PINs into the equation.
> 
> Robert
> 
> rjtiess at warwick.net
> http://members.tripod.com/~rtiess




More information about the Web4lib mailing list