[Koha-bugs] [Bug 30700] Patrons who can log into staff client should be able to change their own password
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue May 10 23:53:00 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30700
--- Comment #5 from Aleisha Amohia <aleisha at catalyst.net.nz> ---
Having multiple people using one account sounds like it's own security risk...
I don't think we should compromise on functionality to support that use case.
The real issue is what David has mentioned in Comment 1. If a person can log
into the staff client, it's illogical to then have to direct them to the OPAC
(another site) to change their own password. Many Koha libraries don't use the
OPAC, or if they do, they may have OpacPasswordChange disabled, and then what?
Additionally, I can't think of any online accounts I have where I can't change
my own password on the site I've logged into. I don't believe we need to wrap
this in a syspref or new permission.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list