[Koha-bugs] [Bug 30649] Vendor EDI account passwords should be encrypted in the database

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Nov 2 16:51:09 CET 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649

--- Comment #16 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
(In reply to Victor Grousset/tuxayo from comment #14)
> (In reply to Kyle M Hall from comment #9)
> > (In reply to Victor Grousset/tuxayo from comment #8)
> > > I don't get how to encrypt a password to an external service and still be
> > > able to use the external service. Does that mean Koha can in full autonomy
> > > decrypt it?
> > 
> > Yes, we store a key in the koha conf file for encryption and decryption. I
> > need to rebase this patch to use the work from Bug 28998.
> 
> Ok IIUC the security value doesn't come from encryption but from having the
> data out of the DB. So a simple SQL injection can't get it.
> Is there any gain compared to just storing the passwords into koha-conf.xml
> directly?
> (hum, maybe Koha can't write to that file and that would need a separate
> file)
> Like is it a plausible attack scenario to be able to read the file but not
> the DB? That when needing both would help.

The value does come from the encryption.  If the database is somehow
compromised (for example, someone accidentally shares a backup.. it could be as
simple as that).. by having the data in the database encrypted the nefarious
actor doesn't have something useful to them.. They still need to hack the
machine to get ahold of the key (from the conf file) and/or read the code to
understand what sort of algorithm is used.

So this closes one door.. if they have full access to the server, they have all
the elements they need to access the plaintext credentials.. but the
improvement here is that they now have to have that full access rather than
just a db dump.
