Some self check machines operate SIP2 over telnet instead of raw. It's no more 
secure but some older machines work that way.

Of course SIP2 is hideously insecure so those ports should never be exposed 
except on localhost and run through stunnel or a VPN.

If you expose unencrypted SIP2 traffic on a network then you are sending all 
sorts of personal info unencrypted, most likely violating the GDPR. And 
definitely opening yourself up to being compromised.

(it's trivial to capture the user and password of the SIP2 user at the very 
least)

Chris 

On 29 August 2018 7:21:03 AM NZST, Michael Kuhn <m...@adminkuhn.ch> wrote:
>Hi
>
>When using the standard configuration in file "SIPconfig.xml" after 
>enabling and starting the SIP2 servers there are two ports:
>
>     <service
>       port="8023/tcp"
>       transport="telnet"
>       protocol="SIP/2.00"
>       timeout="60" />
>
>     <service
>       port="127.0.0.1:6001/tcp"
>       transport="RAW"
>       protocol="SIP/2.00"
>       client_timeout="600"
>       timeout="60" />
>
>We have just reconfigured the following line
>
>       port="10.0.0.1:6001/tcp"
>
>and our 3M SelfCheck System Model 8420 can successfully connect and 
>communicate via port 6001, without needing to add any sign in commands 
>in expect syntax (which is needed when using port 8023 via telnet, as it
>is described in
>https://wiki.koha-community.org/wiki/Setting_up_Koha_SIP_and_3M_machines
>).
>
>Can someone please explain why there are two ports? Are these just 
>offering the same functionality in two different ways (telnet, RAW), or
>is it maybe recommended to use telnet for some unknown security reasons?
>
>Best wishes: Michael
>-- 
>Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
>Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
>T 0041 (0)61 261 55 61 · E m...@adminkuhn.ch · W www.adminkuhn.ch
>_______________________________________________
>Koha mailing list  http://koha-community.org
>Koha@lists.katipo.co.nz
>https://lists.katipo.co.nz/mailman/listinfo/koha

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
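
An added example, not part of the original messages or of Koha: a Python check that reads the <service> entries of a SIPconfig.xml and reports every listener not bound to loopback, i.e. one that would carry SIP2 in the clear on the network. It assumes a port attribute without a host part listens on all interfaces; the sample XML is constructed from the entries quoted in the thread, and its root element is a placeholder.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <service> entries quoted in the thread (with the
# 10.0.0.1 change applied) plus a loopback one, in a placeholder root element.
SAMPLE = """<config>
  <service port="8023/tcp" transport="telnet" protocol="SIP/2.00" timeout="60" />
  <service port="10.0.0.1:6001/tcp" transport="RAW" protocol="SIP/2.00" timeout="60" />
  <service port="127.0.0.1:6001/tcp" transport="RAW" protocol="SIP/2.00" timeout="60" />
</config>"""


def parse_port(spec):
    """Split 'host:port/proto' or 'port/proto' into (host or None, port, proto)."""
    addr, _, proto = spec.strip().partition("/")
    host, sep, port = addr.rpartition(":")
    return (host if sep else None), int(port), (proto or "tcp")


def is_loopback(host):
    if host is None:
        return False  # assumption: no host part means "all interfaces"
    host = host.strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are treated as exposed


def audit(xml_text):
    """Return one finding per SIP2 listener reachable from beyond localhost."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        spec = el.get("port")
        if el.tag.rsplit("}", 1)[-1] != "service" or not spec:
            continue  # tag compared without any XML namespace prefix
        host, port, _ = parse_port(spec)
        if not is_loopback(host):
            findings.append({"bind": host or "*", "port": port,
                             "transport": el.get("transport", "").lower()})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("cleartext SIP2 on {bind}:{port} ({transport}): bind to "
              "127.0.0.1 and put stunnel or a VPN in front".format(**f))
```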