[WEB4LIB] database authentication script

Robert J. Tiess rjtiess at warwick.net
Mon Apr 26 06:33:50 EDT 1999


Glen Davies wrote:
> The script checks the barcode and pin entered, and
> if valid returns a form with a hidden generic userid
> and password for the database that has been selected.

If in this library system patrons cannot change
their PINs, then this script would be very easy
to implement.  However, in many library systems
patrons are allowed to do so, creating a
situation where changed PINs and a static list
of barcodes/PINs would then block patrons from
accessing databases.  The short-term solution
is to fetch the barcodes/PINs on a daily basis,
which may or may not be problematic where you
are situated.  But even on a daily basis, a PIN
changed would cause a patron not to be able to
access that database until the next day.  Of
course, the barcodes/PINs could be fetched on
an hourly basis, but this method can be slow in
a library of many patrons.  The same problem
arises with the creation of new library cards,
which would not join the barcode/PIN list until
the next day.  Perhaps a patterned barcode
approach may be sufficient, where only the first
or last universal set of numbers (e.g.
24680xxxxxxx) are matched and used along with
referrer URL/domain authentication without
having to bring PINs into the equation.

Robert

rjtiess at warwick.net
http://members.tripod.com/~rtiess


More information about the Web4lib mailing list