Library insecurity, vendors 

Ex Libris did the right thing and requires stunnel to encrypt the otherwise plaintext SIP communications for self-checks, RFID pads, etc.

BiblioTheca support person trying to configure their hardware fails to get stunnel working and tells the library staff person "there is no personal information passed between your PC and the server, just item IDs and titles".

And user IDs and names and emails, not to mention transactions that could be performed.

Argh.

Follow

Library insecurity, vendors 

This was after I had given our contact staff person the required stunnel cert and the link to the Ex Libris docs on how to set up stunnel.

So I guess I get to go in and set it up myself. Glad we're paying all these professionals to do their professional stuff.

· · Web · 0 · 0 · 0
Sign in to participate in the conversation
code4lib.social

code4lib.social is a GLAM-themed Mastodon Instance.