On Sun, 23 Jan 2005 12:08, you wrote: > On Sat, 22 Jan 2005 23:24, Andrew Errington wrote: > > I need the PIN as plain text to send to the server, but I > > don't know enough to make it safer (assuming it needs to be). > > imho, it doesn't need to be any safer than you have it now. Certainly you > don't want to have a pgp passphrase or similar stored on the machine. > > What are the consequences of it taking an unfortunate fall? > Not much, Somebody can discover what books you have out of the library, > what a discovery!!
"The Anarchist's Cookbook", erotica or political tomes. It's really no-one's business but mine. However, it's not well protected. The only protection is that individual login sessions do time out, so no-one can refresh the login page and redisplay your information (after a time-out, or immediately if you do an explicit logout). > Somebody can reserve a book, pretending to be you. 'nother big deal > because you don't have to pay for it until you pick up the book. You can > explain to the staff what has happened and they will simply put the book > back into circulation. Most of the time the staff are pretty good about > establishing identity if you don't have your card with you. True, and anytime you look at their webpage you can see what you have recently reserved. > Somebody can get into the premium databases pretending to be you. > afaik that's another big deal, because they are gratis. > > Can anybody think of any other risks? Only that someone could masquerade as you and built up a trail of questionable activity. > None the less I'd take a bit more care with your library card than you > did in the past. Me personally, or did you mean "one should take more care with one's library card..."? > The risk with the public library is that it is only too easy to simply > leave books which you have read on the returns counter only to have them > picked up by a thief before they are removed form your card. You end up > having to pay for the replacements. They can be expensive, especially for > folk with our interests. I know! Yes, I often wondered about that. I have not have this happen to me or anyone I know, but it did seem to be a possible turn of events. > bye the bye, I'd love to help with testing the script. Well, so far it logs in and retrieves the data. The next step is to parse the dates and construct a new list of soon-to-be-overdue which can be emailed. I'm almost able to get awk to do it... I will send you a copy later, since by remarkable coincidence you probably are a member of the same library. Andy
