[Bug 6220] New: koha puts default passwords but doesn't tell you what is
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 Bug #: 6220 Summary: koha puts default passwords but doesn't tell you what is Classification: Unclassified Change sponsored?: --- Product: Koha Version: master Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: Patrons AssignedTo: kyle.m.hall@gmail.com ReportedBy: conan@lugmen.org.ar QAContact: koha-bugs@lists.koha-community.org CC: gmcharlt@gmail.com If you create a patron and don't set a password koha will fill the password field. But there's no hint on creation that this will happen, nor indication what password you will get. There should be a message (maybe via HTML 'label' or 'title') stating you will get a default password anyway and also saying which one will be. Maybe something like: "If you don't supply a password, system will fill with <this_default_password>" Also this information should be visibly highlighted, and a status flag should be set to indicate that and warn the patron to change it as soon as possible. Default password should be a system preference and it should be possible to set different ones for different libraries. Summary: - hint with a visible message about the automatic password filling - show default password in page (creation and modification), it will be know for everbody anyway - allow for different default passwords per library in system preferences -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 Nicole C. Engard <nengard@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nengard@gmail.com --- Comment #1 from Nicole C. Engard <nengard@gmail.com> 2011-04-20 16:06:43 UTC --- The database is actually empty - there is no password generated (that was my understanding) the *** you see is just always there - it's part of the template. Someone else can confirm for me before I close this bug - or change the title to 'password needs template edits' Nicole -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |katrin.fischer@bsz-bw.de --- Comment #2 from Katrin Fischer <katrin.fischer@bsz-bw.de> 2011-04-20 16:09:55 UTC --- I don't really like the idea of a default password. People tend to keep passwords like that and never change them. I makes it much easier to hack patron accounts. When you change a password Koha can already generate a new random password in the length specified in the sys prefs. I would like to see Koha generating a password like this one upon saving a patron with an empty password field. Koha can send out this password as a mail to the patron, if the library wants to do this. We already can do this with manually entered passwords. Ideal would be a to create a one time password and force the patron to change it when he logs into the OPAC for the first time. Perhaps these one time passwords should even expire after a given time or be validated by a mail to the patrons email account. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 --- Comment #3 from Fernando L. Canizo <conan@lugmen.org.ar> 2011-04-20 17:10:09 UTC --- (In reply to comment #1)
The database is actually empty - there is no password generated (that was my understanding) the *** you see is just always there - it's part of the template.
Someone else can confirm for me before I close this bug - or change the title to 'password needs template edits'
Nicole
Maybe I'm looking in the wrong place, I just created a patron named 'haspassword', give him no password in opac login group and it shows this on DB: mysql> select password from borrowers where surname = 'haspassword'; +------------------------+ | password | +------------------------+ | kDPg4wXyR8DDyA0MeEjIsw | +------------------------+ 1 row in set (0.00 sec) -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 --- Comment #4 from Fernando L. Canizo <conan@lugmen.org.ar> 2011-04-20 17:11:57 UTC --- (In reply to comment #2)
I don't really like the idea of a default password. People tend to keep passwords like that and never change them. I makes it much easier to hack patron accounts.
When you change a password Koha can already generate a new random password in the length specified in the sys prefs. I would like to see Koha generating a password like this one upon saving a patron with an empty password field. Koha can send out this password as a mail to the patron, if the library wants to do this. We already can do this with manually entered passwords.
Ideal would be a to create a one time password and force the patron to change it when he logs into the OPAC for the first time. Perhaps these one time passwords should even expire after a given time or be validated by a mail to the patrons email account.
I agree to all: - random one time passwords sent by email - force patrons to change it on first login And we wont need no changes into prefs. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 Nicole C. Engard <nengard@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |6224 -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|6224 | -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220 Owen Leonard <oleonard@myacpl.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #5 from Owen Leonard <oleonard@myacpl.org> 2011-08-22 13:42:23 UTC --- The original description of this bug seems to be a duplicate of Bug 3674 and Bug 6224. The discussion has steered towards a new kind of password handling for new accounts, but that should have its own enhancement bug (and RFC too probably). -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org