[Koha-bugs] [Bug 30649] Vendor EDI account passwords should be encrypted in the database
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Sun Nov 27 05:04:48 CET 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649
--- Comment #27 from Victor Grousset/tuxayo <victor at tuxayo.net> ---
(In reply to Kyle M Hall from comment #22)
> (In reply to Victor Grousset/tuxayo from comment #21)
> > That's why I wondered if there was any gain compared to just storing the
> > passwords into koha-conf.xml directly? (or another file)
>
> Simply put, imo, that would mean librarians could no longer update that data
> without help from the server administrator, making their jobs more difficult.
Hence the earlier «maybe Koha can't write to that file and that would need a
separate file»
(In reply to David Cook from comment #26)
> So sysadmins really need to keep in mind that the database and server-side
> config need to be restored together.
Ah yes, so actually encrypting data in the DB does not protect from a backup
leak. (I wrongly said that earlier) Since a backup should have the config
files.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list