https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42179 Olivier Hubert <olivier.hubert@inlibro.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |olivier.hubert@inlibro.com --- Comment #6 from Olivier Hubert <olivier.hubert@inlibro.com> --- (In reply to David Cook from comment #5)
Note also that someone with report permissions could easily lookup the Microsoft365GraphClientId and Microsoft365GraphClientSecret. I don't think we have a good way of storing secrets in system preferences at the moment. (While we do store secrets in them, I think moving forward we always want to be striving to do better.)
From what I understand of Report.pm' FORBIDDEN_COLUMN_MATCHES, any column with
the word "secret" (case-insensitive) should be intercepted and never disclosed by any report. It's why I did not change anything at that level after adding in patch on bz38338. I'm unsure about the ClientId though. Is it considered sensitive information? Should it also be filtered by Report.pm? -- You are receiving this mail because: You are watching all bug changes.