[Koha-bugs] [Bug 29523] Add a way to prevent embedding objects that should not be allowed
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jul 27 04:38:48 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523
--- Comment #98 from David Cook <dcook at prosentient.com.au> ---
I actually just thought of another potential issue...
Other than Koha's internal use of the API, I think most third-party API usage
involves using 1 potentially high privileged user.
I assume there will be times where that API user is making a call on behalf of
an anonymous user or a low-privileged user, but since the API user is the
"logged in" user, the anonymous/low-privileged user will get access to data
that they shouldn't - unless the third-party API user does post-processing on
their end (which is something we said we wanted to avoid on bug 29275).
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list