[Koha-bugs] [Bug 27600] SIP2: renew_all shouldn't perform a password check
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon May 10 17:43:09 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27600
--- Comment #16 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
`allow_empty_password` is a bit of an odd case.. I can see you're thoughts
behind adding it to these calls but then I wonder about that being correct as a
generalisation. It looks like it was written with a particular request in
mind.. the 'patron_info' one... I find that a little odd actually.. that feels
like a call that would more likely want to be behind a password so having to
'allow_empty_password' to get these calls working might open the 'patron_info'
request to abuse without meaning to.
Happy to discus, but as Kyle has looked into the spec, I've implemented his
thoughts here :)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list