Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
    • Back
    Aleph

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      2. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Aleph
    3. Knowledge Articles
    4. X Services security

    X Services security

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Additional Information
    • Article Type: General
    • Product: Aleph
    • Product Version: 17.01

    Description:
    When investigating X Services documentation for the first time we were pertubed to find that, provided a patron's id number is known, all patron information is freely available over the web without any authentication check.
    Should this be so?

    Resolution:
    To address the security issue, we suggest to change the PW of the GUI user WWW-X which is used by all X-server transactions, and to add the following to the URLs:

    &user_name=WWW-X&user_password=NEW-PW

    Another method is to start with:
    /X?op=login&library=XXX50&user_name=WWW-X&user_password=NEW-PW
    and then to each request, add the session ID - for example:
    &session=DYNYB4ACFLXXNARS49QFXTGQN89MU4QM3KHAQ79YE49PX8MH27

    Additional Information

    X Services security bor-info

    • Article last edited: 10/8/2013
    View article in the Exlibris Knowledge Center
    1. Back to top
      • X SERVICE: ILL-BOR-AUTH errors if verification/user ID has both & and dot
      • X-Server bor-info cuts of Z303-ILL-LIBRARY
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Language
      English
      Product
      Aleph
    2. Tags
      1. 17.01
      2. contype:kba
      3. Prod:Aleph
      4. Type:General
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved