Comments (12)
We could add a password element to the Patron entity, but if we do, we should make it clear that it is only valid to include it in the payload of a request to create (or modify?) a Patron entity, and should never be served in a response. If we were to use the Modify Patron entity function to change a patron's password, we would probably need to add an old-password element as well. But I feel I'm straying into areas of system security where I don't really have expertise. What do others think?
from bic-lcf.
Security over passwords is extremely important. It is the password itself that must be protected, far more than the system the password grants access to, since users commonly use the same or similar passwords for unrelated systems. Therefore compromise of one password may inadvertently grant access to multiple systems to the hacker.
We should therefore allow the supply of a new password, but never allow any process to hint at retrieval of a password.
It may be a better solution to allow the HTTP POST & PUT of a password on a sub-url to the patron, eg.. /lcf/v1.0/patrons/{patron-id}/password
This would mean the XML schema did not contain any element where a password would be expected, and the use case of setting a password or changing a password could be delivered easily.
from bic-lcf.
Doesn't this fall foul of the same issue as in #19 viz the url being recorded in the logs of a perimeter proxy\firewall\load balancing server.
from bic-lcf.
As I understand it, the URL would not contain the password, as this would be in the entity supplied with the POST or PUT, not in the URL. All that can be derived from the log is the fact that a password has been created or updated, and not the password itself. Is that right?
from bic-lcf.
I was referring to Antony's suggestion above viz "It may be a better solution to allow the HTTP POST & PUT of a password on a sub-url to the patron, eg.. /lcf/v1.0/patrons/{patron-id}/password
This would mean the XML schema did not contain any element where a password would be expected"
from bic-lcf.
At the Technical Panel meeting on 22/09/2016 it was agreed that it should be possible to supply a new patron password in the payload of an HTTP POST or PUT request, as a non-XML payload (i.e. in a plain text MIME part) attached to the request as suggested by Anthony. We didn't agree what the response would contain, but I assume that this would be the standard HTTP response to a POST or PUT, indicating success or failure. I think this needs to be added to the LCF v1.0,.1 specification as a new function "Set Patron Password", which I'll add as new function 17.
It is my understanding that this would be the only way of setting a Patron password, as the Patron password is not a field that would ever be supplied or retrieved as part of a Patron record/entity.
from bic-lcf.
I have added function 17 to both the LCF v1.0.1 specification and to the REST Web Service specification. I have not formally specified how the password should be represented in the XML payload of a PUT request to set/reset, although I have added a recommendation to the REST Web Service specification that the XML payload should contain an element containing the password as an encrypted string. Does anyone think this needs to be specified more formally?
from bic-lcf.
Hi Francis, that's not what was agreed and detailed in the previous comment?
from bic-lcf.
Oh, sorry. I mis-read my own comment! You're right, it should be a plain text MIME part, in which case I presume that the only thing in that MIME part is the encrypted password. Correct?
from bic-lcf.
I've tweaked the REST Web Service specification accordingly. I'm now wondering whether function 17 can use a POST as an alternative to a PUT. My gut feeling is that a PUT is more RESTful, but I'm not a REST expert, so may be wrong about this.
from bic-lcf.
Technically, POST should be used to create a new password, and PUT to update\modify an existing password.
POST would only really make sense for a newly created account which didn't yet have a password. PUT makes more sense if this is used for updating\resetting an existing password.
However, this does raise a question about the security of this function. How do we ensure that the patron has authorised the use of this function to change the password? The obvious solution is that the patron must authenticate, but this is only possible if the patron knows their password, i.e. this function could not be used to reset a forgotten password, nor (more importantly) used in the original scenario - to set a password for a newly created account.
from bic-lcf.
I've further tweaked the documentation to specify POST for setting the patron password the first time, and PUT for resetting it. I hope that's right...
from bic-lcf.
Related Issues (20)
- In a Manifestation entity, should E01C02 Manifestation identifier be mandatory ? HOT 1
- Fines or Fees? HOT 3
- Patron access to designated library branches during un-staffed periods. HOT 8
- Are the various HTTP commands part of the standard? HOT 2
- Does LCF support ordering books online? HOT 1
- Providing a count of downloaded digital products HOT 1
- PNI Code list query HOT 3
- Loan status when creating a new loan HOT 2
- Reservation status when creating a new reservation HOT 4
- Display from date-time and Display until data-time validity in Message HOT 1
- LCF-codelists.xsd annotation inconsistencies. HOT 1
- LCF-codelist.xsd PNI has incorrect enumeration value HOT 2
- Should list PNI be replaced by ONIX list 44. HOT 4
- Returning loans for a patron HOT 2
- Recording event attendance
- Entity MANIFESTATION field E01C02 references MNI, a deprecated code list. HOT 1
- Create a method to query which version of LCF an endpoint implements HOT 5
- Create a proposal for LCF Profile certification
- E01C27 in LCF-InformationEntityXMLBindings subfields have a numbering issue HOT 1
- LCF-InformationEntityXMLBinding examples contain deprecated "version" HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bic-lcf.