[Bug 7550] Self checkout: limit display of patron image to logged-in patron
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7550 --- Comment #14 from Marc Véron <veron@veron.ch> --- (In reply to Jonathan Druart from comment #12)
Created attachment 62400 [details] [review] [ALTERNATIVE-PATCH] Bug 7550: SCO - Restrict access of patron's image
With this patch if SelfCheckoutByLogin is set to 'username and password', only the logged in user will be able to see the image linked to his/her logged in account. If set to "barcode" we generate a token but it can be easily generated. You should add a warning in the about page if SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".
Hmm, my patch worked with a hash generated with the image file (as recommended in comment #7), and it did not leave a security hole with SelfCheckoutByLogin="barcode" -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org