[Koha-bugs] [Bug 30649] Vendor EDI account passwords should be encrypted in the database

bugzilla-daemon at bugs.koha-community.org
Wed Nov 2 16:55:46 CET 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649

--- Comment #17 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
Still contemplating QA here.. the code works as expected and I'm happy with the
implementation as a whole.

However.. I'm not so sure about the in-place database upgrade... we tend to try
and steer away from referencing Koha modules from within the atomicupdates in
case there's a change to said module down the line.  That said.. that's not a
blocker for me, just a consideration.  When we upgraded from SHA to BCrypt for
user account hashing we added a layer inside the codebase to upgrade the hash
on first access I seem to recall.

My other pondering is around what happens if/when an admin wants to change the
encryption key for the server.. that's out of scope for this particular bug,
but I feel like we should have an option for it somewhere.. either a script to
update encrypted data to use the new key (given the old and new key as input)
or a way to define the keys as an array and upgrade on access or something
like that.
