[WEB4LIB] Re: Anyone using SSL on an OPAC?

Dan Lester dan at riverofdata.com
Thu Dec 5 14:59:39 EST 2002


Thursday, December 5, 2002, 11:48:19 AM, you wrote:

LJ>  There isn't a lot
LJ> of privileged information or personal activity
LJ> transmitted through our OPAC, but I'd like to 
LJ> know more about the pros and cons, as well as
LJ> the nuts and bolts of this issue.

I understand that there isn't a lot of personal information being
transmitted.  At least on our system, where patrons can query their
record and renew items on the web, they're only transmitting their
university ID number, which is pretty secure already.  Unless you have
fairly privileged access you can't look up who has ID number 111110556
(happens to be me) and do anything with the information.  People are
pretty secure with their ID numbers, since they can be used for door
access, access to funds in their university deposit account, access to
grades, and so forth.

I also realize that if some top person in the library or university is
hung up on this that what you or I think, or what logic would dictate.

As a followup on the question of having all catalog transactions
handled by SSL, I don't know what the overhead would be, but I'll bet
there are still users out there with old browsers that can't handle
it, or that will be confused by the messages on newer browsers. We
deal with that regularly, as our off campus authentication is Secure
LDAP, and after authenticating they're "redirected to an insecure
site", which in many browsers pops up a message that concerns users.

Good luck,

dan

-- 
Dan Lester, Data Wrangler  dan at RiverOfData.com 208-283-7711
3577 East Pecan, Boise, Idaho  83716-7115 USA
www.riverofdata.com  www.gailndan.com  Stop Global Whining!




More information about the Web4lib mailing list