[Koha-bugs] [Bug 30649] Vendor EDI account passwords should be encrypted in the database
bugzilla-daemon at bugs.koha-community.org
Mon Nov 7 06:31:42 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649
--- Comment #21 from Victor Grousset/tuxayo <victor at tuxayo.net> ---
(In reply to Martin Renvoize from comment #16)
> The value does come from the encryption. If the database is somehow
> compromised (for example, someone accidentally shares a backup.. it could be
> as simple as that).. by having the data in the database encrypted the
> nefarious actor doesn't have something useful to them.. They still need to
> hack the machine to get ahold of the key (from the conf file) and/or read
> the code to understand what sort of algorithm is used.
That's why I wondered if there was any gain compared to just storing the
passwords into koha-conf.xml directly? (or another file)
The question would have been more relevant on bug 28998 now that such a
mechanism is implemented, the work is done and it's not very hard to use on any
data to be protected from SQL injection or accidental backup publication.