https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28990 --- Comment #11 from David Cook <dcook@prosentient.com.au> --- (In reply to Fridolin Somers from comment #10)
In my opinion storing security settings inside database is not good.
I think it's arguable about whether an Identity Provider counts as a security setting per se. Or are you referring to different settings?
We often copy database from a production server to a test server, where security is on purpose lower.
That sounds like an internal problem? What's the risk that you're worried about here? Data breach?
For me the best place is koha-conf.xml, it already contains major security settings (authentication, path, ...)
As a vendor, I like storing things in configuration files (although I hate the bloated koha-conf.xml), since they're more secure and easier to deploy programmatically. But as a consumer, we'd be removing functionality from Koha. I think that's the point that Donna is making. Unless you have the wealth to pay for a vendor or internal staff, you might not be able to configure those settings anymore. (Of course, one could argue there are many settings in Koha that already work that way.) -- Ultimately, it doesn't matter to me, as I have power. I'm just thinking about removing options from people who don't have as much power. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.