Security Considerations

Kiosks are often placed in public locations and require no or little authentication (a PIN code can be requested to confirm bookings). Therefore, you should consider any security risks prior to their deployment in terms of access to user lists, account numbers, or rates. For example, if account numbers and rates are required and pre-defined on user accounts, these values can be revealed to anybody using the kiosk by misrepresenting who they are and impersonating a different user. For secure locations this is likely not a problem; however, in public situations, it may be best to disable on-kiosk booking or to create special public versions of resources that do not require rates or account numbers to be set.