Hi, On Tue, Sep 24, 2013 at 10:10 AM, Mark Tompsett <mtompset@hotmail.com>wrote:
In your situation, what are the consequences if, either via bug or misconfiguration, catalog records meant for authorized users become publicly accessible?
Given that sensitive branch’s locations are unpublished, and that I am unaware of violence in any of our particular branches’ vicinities, I would suspect the worst would be kicked out of country. Though, I would have to let my colleagues speak more to the risks in that regard.
And this, ultimately, is what makes me nervous about this proposal -- it's one thing for an academic library to inadvertently reveal confidential bibliographic records. That may cause annoyance, it may anger donors of materials in an archival collection, it may at a stretch cost somebody a job -- but the consequences do not reach to the level of affecting somebody's safety or freedom of movement. Whether or not the patch passes QA and my review on the technical merits and gets pushed for 3.14 or any future release, I /strongly/ encourage you to consider that air-gap security [1] may better protect the users in question than any possible implementation in Koha, which simply is not design as a high-security application. [1] http://en.wikipedia.org/wiki/Air_gap_(networking) Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: gmc@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org