https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32078 Victor Grousset/tuxayo <victor@tuxayo.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |victor@tuxayo.net --- Comment #2 from Victor Grousset/tuxayo <victor@tuxayo.net> ---
The tricky thing is that we don't currently have a way of noting which key was used to encrypt which field.
As long as there is one key at the time, it's not needed. The update process should be one transaction to guaranty that though.
However, we have no easy way to change key should that key be leaked or found to be to simple to crack
It's generated so cracking shouldn't be an issue. As for a leak, yes a webserver misconfiguration or a vulnerability in Koha or another app on the same server could expose the config file while still having the DB unleaked. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.