- Article Type: General
- Product: Aleph
- Product Version: 17.01
When investigating X Services documentation for the first time, we were perturbed to find that, provided a patron's ID number is known, all patron information is freely available over the web without any authentication check.
Should this be so?
To address the security issue, we suggest changing the password of the GUI user WWW-X, which is used by all X-server transactions, and adding the following to the URLs:
Another method is to start with:
and then to each request, add the session ID - for example:
X Services security bor-info
- Article last edited: 10/8/2013