[Koha-bugs] [Bug 6220] koha puts default passwords but doesn't tell you what is

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Wed Apr 20 18:09:55 CEST 2011


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6220

Katrin Fischer <katrin.fischer at bsz-bw.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |katrin.fischer at bsz-bw.de

--- Comment #2 from Katrin Fischer <katrin.fischer at bsz-bw.de> 2011-04-20 16:09:55 UTC ---
I don't really like the idea of a default password. People tend to keep
passwords like that and never change them. I makes it much easier to hack
patron accounts.

When you change a password Koha can already generate a new random password in
the length specified in the sys prefs. I would like to see Koha generating a
password like this one  upon saving a patron with an empty password field.
Koha can send out this password as a mail to the patron, if the library wants
to do this. We already can do this with manually entered passwords.

Ideal would be a to create a one time password and force the patron to change
it when he logs into the OPAC for the first time. Perhaps these one time
passwords should even expire after a given time or be validated by a mail to
the patrons email account.

-- 
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.


More information about the Koha-bugs mailing list