Greetings, Seeing as there is very little time left before the feature freeze, I was wondering someone could look at bugs 10900, 10895, and 10589. 10900 corrects a bunch of ugly scariness related to set_userenv in C4::Context. This allows 10895 to be tested on 10589. I realize that I should have put the test for 10589 on the same bug, but at the time, the 10589 was signed off. Sadly, I had to rebase, and all three need sign off. 10589 allows changing the scope of OpacHiddenItems based on Patron Category. For example, one category (let’s say cataloger) could search for hidden items in OPAC for just their branch, while another category (let’s say staff) could search for hidden items in OPAC across all branches, while another category (let’s say patrons) wouldn’t see any of the hidden items. This is configurable via two new system preferences PatronSingleBranch and PatronEveryBranch. GPML, Mark Tompsett
Hi, On Tue, Sep 24, 2013 at 6:31 AM, Mark Tompsett <mtompset@hotmail.com> wrote:
10589 allows changing the scope of OpacHiddenItems based on Patron Category. For example, one category (let’s say cataloger) could search for hidden items in OPAC for just their branch, while another category (let’s say staff) could search for hidden items in OPAC across all branches, while another category (let’s say patrons) wouldn’t see any of the hidden items. This is configurable via two new system preferences PatronSingleBranch and PatronEveryBranch.
Could you describe the use case that is motivating the proposed feature? Collections that are hidden to some patrons but not all seems an uncommon scenario. Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: gmc@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
Le 24/09/2013 18:19, Galen Charlton a écrit :
Hi,
On Tue, Sep 24, 2013 at 6:31 AM, Mark Tompsett <mtompset@hotmail.com <mailto:mtompset@hotmail.com>> wrote:
10589 allows changing the scope of OpacHiddenItems based on Patron Category. For example, one category (let’s say cataloger) could search for hidden items in OPAC for just their branch, while another category (let’s say staff) could search for hidden items in OPAC across all branches, while another category (let’s say patrons) wouldn’t see any of the hidden items. This is configurable via two new system preferences PatronSingleBranch and PatronEveryBranch.
Could you describe the use case that is motivating the proposed feature? Collections that are hidden to some patrons but not all seems an uncommon scenario.
I can think of some: * teachers can see some documents that students can't * "internal" searchers can see some confidential documents, that "external" patrons can't Overall, in public libraries, it's probably a rare situation, while in an academic one, it's more common. We've at least one library that would love this feature ;-) PS: it does not mean I endorse the patch by any mean : I haven't looked at it at all. Just answering Galen use-case question. -- Paul POULAIN - BibLibre http://www.biblibre.com Free & Open Source Softwares for libraries Koha, Drupal, Piwik, Jasper
Hi, On Tue, Sep 24, 2013 at 9:31 AM, Paul Poulain <paul.poulain@biblibre.com>wrote:
Overall, in public libraries, it's probably a rare situation, while in an academic one, it's more common.
We've at least one library that would love this feature ;-)
Thanks, it is very helpful to know that there is at least one library (beside's the patch submitter's) who would be interested. Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: gmc@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
Greetings, With respect to the feature addition in bug 10589. This feature is motived by privacy concerns. Certain countries do not like certain materials which certain libraries may have. And though the general recommendation is to not catalogue such things publicly, this is counter-productive for patrons in remote locations who would have to waste days to find out there is no useful books pertaining to their linguistic problems. By requiring a log in, authorized patrons can then peruse what is generally not visible to the public, or even to lesser authorized patrons. In this scenario, one branch does not want anyone outside their branch to be able to view their hidden materials, but in another case, one branch is willing to let authorized people outside that particular branch see the hidden materials. All branches want their public materials searchable by the public in general. By customizing patron categories, we can accomplish this by lessening the filtering of the OpacHiddenItems for the various scenarios. The scenario given by Paul P. also applies. GPML, Mark Tompsett
Hi, On Tue, Sep 24, 2013 at 9:51 AM, Mark Tompsett <mtompset@hotmail.com> wrote:
This feature is motived by privacy concerns. Certain countries do not like certain materials which certain libraries may have. And though the general recommendation is to not catalogue such things publicly, this is counter-productive for patrons in remote locations who would have to waste days to find out there is no useful books pertaining to their linguistic problems. By requiring a log in, authorized patrons can then peruse what is generally not visible to the public, or even to lesser authorized patrons. In this scenario, one branch does not want anyone outside their branch to be able to view their hidden materials, but in another case, one branch is willing to let authorized people outside that particular branch see the hidden materials. All branches want their public materials searchable by the public in general. By customizing patron categories, we can accomplish this by lessening the filtering of the OpacHiddenItems for the various scenarios.
In your situation, what are the consequences if, either via bug or misconfiguration, catalog records meant for authorized users become publicly accessible? Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: gmc@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
Greetings,
In your situation, what are the consequences if, either via bug or misconfiguration, catalog records meant for authorized users become publicly accessible?
Given that sensitive branch’s locations are unpublished, and that I am unaware of violence in any of our particular branches’ vicinities, I would suspect the worst would be kicked out of country. Though, I would have to let my colleagues speak more to the risks in that regard. This is why I have been working on tasks related to OpacHiddenItems. I’m hoping bugs is not the issue, and I will be confirming that misconfiguration is not an issue either. Granted, the possibility of a mistake may occur in the future, but at this point in time it hasn’t. GPML, Mark Tompsett
Hi, On Tue, Sep 24, 2013 at 10:10 AM, Mark Tompsett <mtompset@hotmail.com>wrote:
In your situation, what are the consequences if, either via bug or misconfiguration, catalog records meant for authorized users become publicly accessible?
Given that sensitive branch’s locations are unpublished, and that I am unaware of violence in any of our particular branches’ vicinities, I would suspect the worst would be kicked out of country. Though, I would have to let my colleagues speak more to the risks in that regard.
And this, ultimately, is what makes me nervous about this proposal -- it's one thing for an academic library to inadvertently reveal confidential bibliographic records. That may cause annoyance, it may anger donors of materials in an archival collection, it may at a stretch cost somebody a job -- but the consequences do not reach to the level of affecting somebody's safety or freedom of movement. Whether or not the patch passes QA and my review on the technical merits and gets pushed for 3.14 or any future release, I /strongly/ encourage you to consider that air-gap security [1] may better protect the users in question than any possible implementation in Koha, which simply is not design as a high-security application. [1] http://en.wikipedia.org/wiki/Air_gap_(networking) Regards, Galen -- Galen Charlton Manager of Implementation Equinox Software, Inc. / The Open Source Experts email: gmc@esilibrary.com direct: +1 770-709-5581 cell: +1 404-984-4366 skype: gmcharlt web: http://www.esilibrary.com/ Supporting Koha and Evergreen: http://koha-community.org & http://evergreen-ils.org
Galen, And this, ultimately, is what makes me nervous about this proposal -- it's
one thing for an academic library to inadvertently reveal confidential bibliographic records. That may cause annoyance, it may anger donors of materials in an archival collection, it may at a stretch cost somebody a job -- but the consequences do not reach to the level of affecting somebody's safety or freedom of movement.
Whether or not the patch passes QA and my review on the technical merits and gets pushed for 3.14 or any future release, I /strongly/ encourage you to consider that air-gap security [1] may better protect the users in question than any possible implementation in Koha, which simply is not design as a high-security application.
I would like to second this. Unless you are prepared to make That Phone Call, if you truly believe that inadvertently exposing bibliographic records to the wrong person could have serious consequences, MAKE SURE IT IS IMPOSSIBLE. If there's no possibility of error, there is no danger of the error happening at the worst possible moment. Books are precious, but people are infinitely more so. Also, I would not put much reliance on the fact that there is not currently any violence around the libraries in question. That sort of thing changes quickly. If you really need an example, I can share one. Obviously one of the strengths of open source software is you can do whatever you want with it, even putting the code in question into production if it fails the QA process, but please, Please, PLEASE consider very seriously whether this would best serve your users. Regards, Jared -- Jared Camins-Esakov Bibliographer, C & P Bibliography Services, LLC (phone) +1 (917) 727-3445 (e-mail) jcamins@cpbibliography.com (web) http://www.cpbibliography.com/
On Tue, Sep 24, 2013 at 1:25 PM, Galen Charlton <gmc@esilibrary.com> wrote:
Whether or not the patch passes QA and my review on the technical merits and gets pushed for 3.14 or any future release, I /strongly/ encourage you to consider that air-gap security [1] may better protect the users in question than any possible implementation in Koha, which simply is not design as a high-security application.
And even when you do decide to trust youself to the air-gap... remember stuxnet. [1] Those centrifuge controllers were air-gapped too. Kind Regards, Chris [1] http://en.wikipedia.org/wiki/Stuxnet
Greetings, [SNIP Galen's air gap suggestion]
And even when you do decide to trust youself to the air-gap... remember stuxnet. [1] Those centrifuge controllers were air-gapped too. [SNIP] [1] http://en.wikipedia.org/wiki/Stuxnet
That's got to be some pretty determined threat to consider handling the air-gap of a library. Are the bad guys so bored they have nothing better to do than cyber-attack a library? GPML, Mark Tompsett
Mark Tompsett <mtompset@hotmail.com> wrote:
Greetings,
[SNIP Galen's air gap suggestion]
And even when you do decide to trust youself to the air-gap... remember stuxnet. [1] Those centrifuge controllers were air-gapped too. [SNIP] [1] http://en.wikipedia.org/wiki/Stuxnet
That's got to be some pretty determined threat to consider handling the
air-gap of a library. Are the bad guys so bored they have nothing better to do than cyber-attack a library?
Only when people start storing stuff in a library system that is worth having. Bringing it back on topic :) Chris
GPML, Mark Tompsett
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
participants (6)
-
Chris Cormack -
Chris Nighswonger -
Galen Charlton -
Jared Camins-Esakov -
Mark Tompsett -
Paul Poulain