[Koha-bugs] [Bug 29894] Trying to still improve Koha/Auth/TwoFactorAuth
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jan 20 16:16:54 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894
--- Comment #10 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Marcel de Rooy from comment #4)
> Still thinking about what we do now in registering: create secret, pass it
> out, get it back, etc.
> Easy way to build the qr but not pass the secret in that process?
The CSRF token protects the secret. Fine enough probably. Especially if we
would send a notice when we register or deregister 2FA to inform the user about
such a change. That notice might be a simple pragmatic additional precaution.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list