[Koha-bugs] [Bug 27812] Remove the ability to transmit a patron's plain text password over email
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Mar 1 17:01:15 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27812
Martin Renvoize <martin.renvoize at ptfs-europe.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #131166|0 |1
is obsolete| |
--- Comment #26 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Created attachment 131194
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=131194&action=edit
Bug 27812: Remove the ability to transmit a patron's plain text password over
email
We should not give libraries the ability to compromise patron accounts,
it is considered a huge security issue and nobody in network security
would never recommend allowing passwords to be transmitted in clear text
over email.
It should simply not be possible to send a patron's password in plain text
via email. As such, we should remove this ability from Koha.
Test Plan:
1) Apply this patch
2) Create a patron to generate the ACCTDETAILS email
3) Note you can no longer transmit the patron's password in the email
Signed-off-by: Amit Gupta <amitddng135 at gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize at ptfs-europe.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list