Password protect for Data Collection Client

[Brett N]

Hello all,

I hope you can help me out. I helped set up Suma for data gathering a little over a year ago at our library and now a question has come up about whether we should have a password added to access the Data Collection Client. 

If you use Suma for gathering data, then have you added a password for access to the Data Collection Client? 

There are a few of us that are concerned about this being an extra layer of work for our students and increasing the barrier for use.

I greatly appreciate your time and input in helping me and our library. 

Thank you!

~Brett

[Joyce Chapman]

We have not added a password at Duke University. We aren't really concerned about anyone A. finding the link who isn't supposed to have it, 2. Inappropriate use by those who do have the link to the client.

We haven't had any problems in ~5 years.

We also have no password on our reporting.

--
You received this message because you are subscribed to the Google Groups "Suma: mobile library assessment toolkit" group.
To unsubscribe from this group and stop receiving emails from it, send an email to suma-mobile-library-asses...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/suma-mobile-library-assessment-toolkit/d05bd44e-5e6b-4403-b6e8-b54ee81a12a1%40googlegroups.com.

[Jason Paul]

I don't know if this is relevant anymore, since it's been almost 2 years since the last post, but I thought I'd go ahead and offer a different perspective.  

I work at Milner Library at Illinois State University and the choice to password protect our Suma server was not up to me.  ISU's Information Security Office believes that to comply with state law services like these need to be password protected and SSL encrypted.  We too operated Suma without password protection for several years without incident, but security audits mandated our compliance.  I don't remember the details that well.  This happened a few years ago -- just before this Google Group was made public.  But I think the reasoning was along the lines of data that is used to determine budgeting cannot be left open to manipulation.

In case anyone is curious, I accomplished this in Suma's Apache virtual host.  I had set up different directories a lot more carefully than I typically do in a *.conf file and I also seem to remember something about AngularJS forcing me to use a *.pem instead of a *.cer file to enable SSL, but I got it working to everybody's satisfaction.