Re: More on Millennium Circulation passwords -- solved!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Date: Tue, 10 Jul 2001 14:10:30 -0400
- From: Jonathan Jiras <jjjwml@xxxxxxxxxx>
- Subject: Re: More on Millennium Circulation passwords -- solved!
Folks:
III confirmed for me that when MillCirc opens up some basic functionality is present
such as the ability to call up a brief patron record. But mentioned that I can
require authorization to "search by index."
This will prevent someone without initials and a password from typing "nSmith" to see
a list of "Smiths" and scroll through their brief patron records -- which was my main
concern.
If a circ student has the barcode or patron number, they can still scan or type it to
get to that brief patron record without initials/password in MillCirc.
Thanks to all responded.
-Jon Jiras, RIT
Jonathan Jiras wrote:
> Helga, Said, Dan, and others,
>
> Thanks for taking the time to respond. Unfortunately I still have not figured out
> a a way around what I think is a serious problem.
>
> Here it is again stated more succinctly:
>
> Once MillCirc loads, or even after the keyboard time out has cleared the
> initials, the ability to see a patron's brief record is available without
> requiring initials and passwords. All they have to do is type "nSmith" in the
> search box and hit "search." A list of all "Smiths" will appear, they can scroll
> though and view the brief records at their leisure without being prompted for
> initials and password.
> --prompting users for initials upon logging in doesn't work because a user can
> hit the cancel button and get in anyway.
> --associating the login with a specific set of initials that has no authority
> to do anything won't work. -- they can still search for a patron and see the
> brief record.
> --not associating the login with a specific set of initials won't work either.
> They too can still search for a patron and see the brief record
>
> I've read the help files, seen the login manager tutorial, read the notes to the
> authentication session that was presented at the IUG, and read the several public
> and private replies to my original message. It still seems that there is no way
> to replicate the telnet experience:
> --automatic login (which is good because there is no username and password for
> the students to remember, and no security hole)
> --require a username and password for users to see the patron record or do
> *anything* at all on the system.
>
> Does anyone know a way to require initials and passwords for users to see the
> patron data in MillCirc?
>
> P.S. For another example of how "...there are issues regarding MilCirc
> passwording... that may require some difficult local decisions... especially
> ...[for libraries that move] from the text-based system to MilCirc..." see:
> http://innopacusers.org/list/archives/1999/msg03049.html
>
> Thanks,
> -Jon Jiras, RIT
begin:vcard
n:Jiras;Jonathan
tel;fax:716-475-7007
tel;work:716-475-7737
x-mozilla-html:FALSE
org:Rochester Institute of Technology;Wallace Library
adr:;;90 Lomb Memorial Drive;Rochester;NY;14623-5604;USA
version:2.1
email;internet:jjjwml@xxxxxxxxxx
title:Library Software Specialist
fn:Jonathan Jiras
end:vcard