Hello, As RespInfo for my library branch, I often receive mails for security warning (like this : http://www.php-security.org/index.html) on MySQL DB and PHP. What's your mind about these problems ? What're the risks with Koha ? yours -- Pascale Nalon Bibliothèque de l'Ecole des Mines de Paris 35, rue St Honoré 77300 Fontainebleau Tel : 01 64 69 48 79
Pascale Nalon a écrit :
Hello,
As RespInfo for my library branch, I often receive mails for security warning (like this : http://www.php-security.org/index.html) on MySQL DB and PHP. What's your mind about these problems ? What're the risks with Koha ?
Hi Pascale, 1st of all, Koha is written in Perl, so PHP bugs don't concern us ;-) 2nd : mySQL problem could concern us, but only if mySQL was open to the rest of the world. Koha is a complete software, and the user don't have any direct access to the database. Only Koha features can be accessed. Thus, I think our only goal is to have a secured Koha (= ie : no way to do things without the requested privilege) A sample of an insecure Koha is given in my feb, 9th mail on this list. We also have to split the risks in 3 kinds : - security holes needing a librarian login - security hole needing a login - security hole needing no login at all. someone will complete if i'm missing something, i'm not a security guru... -- Paul POULAIN et Henri Damien LAURENT Consultants indépendants en logiciels libres et bibliothéconomie (http://www.koha-fr.org) Tel : 04 91 31 45 19
participants (2)
-
Pascale Nalon -
Paul POULAIN