Security Issue?

Help
2004-08-20
2013-05-30
  • Hello everyone!

    Thanks for this great program. I modified it a bit to allow Canadian provinces and postal codes, as well as added a search by teacher option and I think this will work very well.

    However, I also wanted students to be able to search for books. I can allow anonymous search-only access by commenting out the require_once logincheck.php lines from /catalog/index.php and /search/biblio_search.php.

    Does this represent a significant security risk? Could the anonymous users potentially pass some damaging commands to the biblio_search script?

    Thanks!

    Stefan (sbudeanu at kuperacademy.ca)

     
    • Why not just have them use the OPAC?  It may not be obvious from the installation instructions or the (sparse) documentation, but public access is meant to be given out via http://.../openbiblio/opac/.

      To answer your question directly, what you're doing shouldn't present a major security risk.  But because of the OPAC, it isn't worth doing.

      Micah

       
    • Thanks for the heads-up.

      I'm new to library systems so I did not know that feature is already provided.

      It's great, thanks.

       
    • Hi Stefan!
      Can you please tell me what changes you made for the Postal Code stuff in the OpenBiblio database? I'm here in Ottawa, Ontario and I sort of left this for last as we were busy implementing a new site and OPAC: http://www.jylo.org

      I already deleted the US States and added the provinces, but I didn't look into the postal code field yet.

      Thanks!

      Max
      MaxTheITpro at Yahoo dot ca

       
    • output123
      2004-10-27

      We want to do the same thing for our church library in Ontario too. Can you give us the steps for how to do this? Change pro and postal code.
      Thanks.

       

