[Koha-bugs] [Bug 30649] Vendor EDI account passwords should be encrypted in the database
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Nov 9 23:48:01 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649
--- Comment #24 from David Cook <dcook at prosentient.com.au> ---
(In reply to Katrin Fischer from comment #23)
> It might also hinder a a quick desaster recovery to a different server? At
> least something more to think about for backups etc.
With the encryption key in koha-conf.xml, they wouldn't be able to decrypt the
encrypted passwords in the database either.
(In reply to Kyle M Hall from comment #22)
> (In reply to Victor Grousset/tuxayo from comment #21)
> > That's why I wondered if there was any gain compared to just storing the
> > passwords into koha-conf.xml directly? (or another file)
>
> Simply put, imo, that would mean librarians could no longer update that data
> without help from the server administrator, making their jobs more difficult.
Agreed with Kyle. There needs to be a balance between security and
functionality/convenience.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list