Library insecurity, vendors
Ex Libris did the right thing and requires stunnel to encrypt the otherwise plaintext SIP communications for self-checks, RFID pads, etc.
BiblioTheca support person trying to configure their hardware fails to get stunnel working and tells the library staff person "there is no personal information passed between your PC and the server, just item IDs and titles".
And user IDs and names and emails, not to mention transactions that could be performed.
Argh.
Library insecurity, vendors
This was after I had given our contact staff person the required stunnel cert and the link to the Ex Libris docs on how to set up stunnel.
So I guess I get to go in and set it up myself. Glad we're paying all these professionals to do their professional stuff.
