[Koha-bugs] [Bug 34976] Encryption keys should not be shared between modules
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Feb 12 23:36:47 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34976
Liz Rea <wizzyrea at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wizzyrea at gmail.com
--- Comment #4 from Liz Rea <wizzyrea at gmail.com> ---
At the point you have access to root to get the koha-conf, you have everything
including the database and all of the keys anyway (because you can become
koha-mysql or koha-dump the whole thing) and all of the keys are right there in
the koha-conf.
While I agree that one key does allow access to more things, the added
complexity of multiple keys... the idea of it makes me very tired, for a really
negligible gain in security.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list