[Web4lib] Library Elf reveals user info

McMorris,Don dmcmorris at sals.edu
Thu Dec 29 06:45:26 EST 2005 

<snip>This is exactly why I've always said we need native RSS feeds out of our catalogs, from our vendors, because it's the only way we can control some of these very issues. If the service and security don't come from us, what choice do we give patrons? I voluntarily use ELF because my system doesn't provide me with these services, which I find very valuable. I just never put the feed into a public aggregator.
</snip>

It frankly doesn't matter who controls the RSS feed.  If it was controlled in your catalog, and a user used a faulty service to aggregate the data, the aggregator then makes the "choice" to make it public.

It appears obvious to me that the fault is in the aggregator.  It is reasonable to expect that when you check the option "private", that it wouldn't be shared with the world.  Had you used a desktop aggregator, one that doesn't have the capability to share the information online, it'd be secure.

Outside of library data, some e-mail services are syndicating e-mail in RSS format.  Had I utilized this feed in an online aggregator that was flawed and/or misleading, my e-mails would be shared with the world just like the Elf data was.

On a personal note, I like Library Elf.  We are in the process of migrating to a new ILS (actually, we've been live on it since June), and stuff like E-Mail "Almost Overdue" notices hasn't been turned on yet (who knows what the ILS administration staff thinks, but I won't rant about all the problems I have with them here... It'd take up too much space).  Anyway LibraryELF was set up by the ILS vendor "out-of-the-box", and after finding this out I get notices that items are due 3 days ahead of time (whereas I wouldn't get notified by the system until they are 7 days overdue).

In conclusion, Elf is a great and fairly secure service.  The incident where the information was shared was a result of mis-configured and/or ill-designed online RSS aggregation services.

--Don

------------------------ 
"Proudly serving the 964 residents of the Village of Salem, NY" 


Donald J McMorris Jr. 
Assistant Librarian 
Bancroft Public Library 
181 South Main St 
PO Box 515 
Salem, NY 12865 
Phone/Fax: (518) 854-7463 
www.slibrary.org 
XIZ / SALS-SLM

More information about the Web4lib mailing list