[Koha-bugs] [Bug 27812] Remove the ability to transmit a patron's plain text password over email

Mon Feb 28 15:08:07 CET 2022

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27812

Kyle M Hall <kyle at bywatersolutions.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #118797|0                           |1
        is obsolete|                            |
 Attachment #119176|0                           |1
        is obsolete|                            |

--- Comment #22 from Kyle M Hall <kyle at bywatersolutions.com> ---
Created attachment 131166
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131166&action=edit
Bug 27812: Remove the ability to transmit a patron's plain text password over
email

We should not give libraries the ability to compromise patron accounts, it is
considered a huge security issue and nobody in network security would ever
recommend allowing passwords to be transmitted in clear text over email.  It
should simply not be possible to send a patron's password in plain text via
email. As such, we should remove this ability from Koha.

Test Plan:
1) Apply this patch
2) Create a patron to generate the ACCTDETAILS email
3) Note you can no longer transmit the patron's password in the email

Signed-off-by: Amit Gupta <amitddng135 at gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>

-- 
You are receiving this mail because:
You are watching all bug changes.