[Bug 14323] Users who share userid and cardnumber cause Privacy Breach
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14323 Steve, OSLRI, USA <sspohn@oslri.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sspohn@oslri.net --- Comment #6 from Steve, OSLRI, USA <sspohn@oslri.net> --- Following this one. Just found four total in our system where the userid of one patron matched the cardnumber of another. One patron was seeing another patron's borrowing via a self-check terminal so this is definitely a privacy issue. TWO FIXES are needed - 1. LOGIN Based on a previous issue we had... I suspect the mechanics of the login need to be adjusted to capture the borrowernumber that matches the cardnumber/userid AND password. At present it seems to allow a login if it finds and match and then goes and finds a record with a match in either the userid or cardnumber field. If multiple, it just uses the first one returned by the results. 2. CREATE / MODIFY BORROWER The system should check for a match and prevent. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org