https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21325 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #1 from David Cook <dcook@prosentient.com.au> --- (In reply to Marcel de Rooy from comment #0)
In testing bug 13779, I just noticed that an URL like this works:
https://[your_domain]/cgi-bin/koha/opac-reserve. pl?biblionumber=[some_biblionumber]&userid=[your_userid]&password=[your_passw ord]
Obviously, we should not expose credentials like that. But it raises the question: should we allow it then?
In my opinion, we 100% should not allow it. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.