Does Your Library Use SSL to Protect Patron Data?
Donna Schumann
schumann at timberland.lib.wa.us
Mon Apr 9 16:59:08 EDT 2001
We are in the process of adding a library card application form to our
web page. As we have talked about the implications of patrons filling
out an Internet form with name, phone number, address, etc., we are
coming to the conclusion that we really need to use SSL to protect
patron privacy. This now has us looking at the lack of security for
patrons placing holds over the Internet. Our patrons can access the
catalog using either telnet or WebPac, and when they place holds, their
library card number, PIN, name, address, phone number, etc. is
transmitted. We know that the telnet data is being sent as clear text,
and we suspect that the same is true with WebPac.
How are other libraries dealing with this?
Also, are there any words of wisdom about setting up SSL? (We're using
IIS.) Do we need to go through VeriSign or can we just use MS
Certificate Server to generate our own certificates? How much does it
cost to get a VeriSign certificate?
Thank you! Donna
--
Donna Schumann, Computer Application Specialist
Timberland Regional Library, 415 Airdustrial Way SW, Olympia, WA 98506
Voice: 360-704-4542 FAX: 360-586-6838 Email:
schumann at timberland.lib.wa.us
More information about the Web4lib
mailing list