https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649 --- Comment #21 from Victor Grousset/tuxayo <victor@tuxayo.net> --- (In reply to Martin Renvoize from comment #16)
The value does come from the encryption. If the database is somehow compromised (for example, someone accidentally shares a backup.. it could be as simple as that).. by having the data in the databawse encrypted the nafarious actor doesn't have something useful to them.. They still need to hack the machine to get ahold of the key (from the conf file) and/or read the code to understand what sort of algorithm is used.
That's why I wondered if there was any gain compared to just storing the passwords into koha-conf.xml directly? (or another file) The question would have been more relevant on bug 28998 now that such a mechanism is implemented, the work is done and it's not very hard to use on any data to be protected from SQL injection or accidental backup publication. -- You are receiving this mail because: You are watching all bug changes.