[Koha-bugs] [Bug 25936] Notify users if their password has changed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Mar 3 13:49:09 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25936
--- Comment #5 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
Great addition. Security++
Only thing I could say about the code:
if ( !C4::Auth::checkpw_hash( $password, $self_from_storage->password ) ) {
I understand this change but it should not really be bound to notify yes or no.
Could imagine that set_password should check that always and report it?
Currently the interface lets you change your password while not entering a new
one.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list