[Bug 11612] 404 error page for Intranet may leak information
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11612 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #2 from David Cook <dcook@prosentient.com.au> --- Agreed with Isaac. Unauthenticated users shouldn't be able to see anything other than 401 or the login screen. Since we're using Plack::App::CGIBin, I think the only way to deal with this might be to add a Middleware to check if the user is authenticated before returning the 404. Something to think about but certainly relevant. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org