[Koha-bugs] [Bug 34976] New: Encryption keys should not be shared between modules

bugzilla-daemon at bugs.koha-community.org
Tue Oct 3 16:50:50 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34976

            Bug ID: 34976
           Summary: Encryption keys should not be shared between modules
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Architecture, internals, and plumbing
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: m.de.rooy at rijksmuseum.nl
        QA Contact: testopia at bugs.koha-community.org

At this time we are using the encryption key in koha-conf to encrypt stuff for
2FA, EDI and Acquisition already. The key was introduced for 2FA.

I think that it would be better to differentiate and use separate keys for
various processes in Koha. For instance, the key for 2FA should be used
exclusively for that purpose.
We could consider if that is needed also for EDI and Acq since these are
related modules. They could use one or two new keys.

When adding a new call to Encryption, we should think about it. Perhaps this
would be forced a bit more by passing a parameter to K::E indicating which key
to use?

Opening the discussion :) What do you think?

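An added example (not Koha code and not part of the report) of the purpose parameter proposed above: the caller must name one of the purposes the report lists, and each purpose gets its own key. Deriving those keys from one master secret with HKDF-SHA256 is an assumption that goes beyond the report's "separate keys"; `key_for`, `seal`, `open_sealed`, the purpose labels and the sample secret are hypothetical, and an HMAC tag stands in for the cipher so that only core Perl modules are needed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256 hmac_sha256_hex);

# Purposes named in the report; anything else is refused (hypothetical allow-list).
my %PURPOSES = map { $_ => 1 } qw(2FA EDI Acquisition);

# HKDF-SHA256 (RFC 5869). Digest::SHA's hmac_* functions take (data, key) in that order.
sub hkdf_sha256 {
    my ( $ikm, $salt, $info, $len ) = @_;
    my $prk = hmac_sha256( $ikm, $salt );    # extract step
    my ( $okm, $block ) = ( '', '' );
    for ( my $i = 1 ; length($okm) < $len ; $i++ ) {    # expand step
        $block = hmac_sha256( $block . $info . chr($i), $prk );
        $okm .= $block;
    }
    return substr( $okm, 0, $len );
}

# Hypothetical accessor: the caller must name the purpose; there is no default key.
sub key_for {
    my ( $master, $purpose ) = @_;
    die "purpose is required\n" unless defined $purpose;
    die "unknown purpose '$purpose'\n" unless $PURPOSES{$purpose};
    return hkdf_sha256( $master, "\0" x 32, "example-purpose:$purpose", 32 );
}

# Stand-in for encryption: prefix the message with an HMAC tag under the purpose key.
sub seal { my ( $key, $msg ) = @_; return hmac_sha256_hex( $msg, $key ) . ":$msg" }

sub open_sealed {
    my ( $key, $sealed ) = @_;
    my ( $tag, $msg ) = split /:/, $sealed, 2;
    return undef unless defined $msg;
    # Compare MACs of the two tags rather than the tags themselves (avoids a timing leak).
    my $expected = hmac_sha256_hex( $msg, $key );
    return hmac_sha256( $tag, $key ) eq hmac_sha256( $expected, $key ) ? $msg : undef;
}

my $master = 'constructed-sample-secret-not-a-real-key';    # constructed sample value
my $sealed = seal( key_for( $master, '2FA' ), 'otp-secret' );

printf "2FA key opens 2FA data: %s\n",
  defined open_sealed( key_for( $master, '2FA' ), $sealed ) ? 'yes' : 'no';
printf "EDI key opens 2FA data: %s\n",
  defined open_sealed( key_for( $master, 'EDI' ), $sealed ) ? 'yes' : 'no';
print "no purpose given: $@"  unless eval { key_for($master);              1 };
print "unlisted purpose: $@" unless eval { key_for( $master, 'Reports' ); 1 };
```

With derived keys a leak of one module's key does not expose the others, but a leak of the master secret still exposes all of them; independent per-purpose secrets in the configuration avoid that at the cost of more keys to manage.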