https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649 --- Comment #24 from David Cook <dcook@prosentient.com.au> --- (In reply to Katrin Fischer from comment #23)
It might also hinder a a quick desaster recovery to a different server? At least something more to think about for backups etc.
With the encryption key in koha-conf.xml, they wouldn't be able to decrypt the encrypted passwords in the database either. (In reply to Kyle M Hall from comment #22)
(In reply to Victor Grousset/tuxayo from comment #21)
That's why I wondered if there was any gain compared to just storing the passwords into koha-conf.xml directly? (or another file)
Simply put, imo, that would mean librarians could no longer update that data without help from the server administrator, making their jobs more difficult.
Agreed with Kyle. There needs to be a balance between security and functionality/convenience. -- You are receiving this mail because: You are watching all bug changes.