https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004 --- Comment #38 from Ulrich Kleiber <ulrich.kleiber@bsz-bw.de> --- (In reply to Arthur Suzuki from comment #36)
(In reply to Ulrich Kleiber from comment #34)
I think leaving the proven path of pure doctrine is better than the alternative of using ILS-DI for patron authentication, where the password appears in the URL and thus in the Apache log files and the Plack log files. We have legacy systems which are not part of a centralized single sign-on infrastructure. But they are part of our in-house Koha infrastructure. Our patrons do not have to give there password to a third party service.
About ILS-DI having the password in the URL, the easy fix is to have the third-party software querying Koha with HTTP-POST instead of HTTP-GET, that works. The parameters are then not part of the URL anymore, hence not logged. (still transfered in cleartext if https is not used though)
Thanks for your hint Arthur, it works :) -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.