[Koha-bugs] [Bug 5511] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
bugzilla-daemon at bugs.koha-community.org
Fri Jul 8 08:16:38 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5511
Frère Sébastien Marie <semarie-koha at latrappe.fr> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |semarie-koha at latrappe.fr
--- Comment #5 from Frère Sébastien Marie <semarie-koha at latrappe.fr> 2011-07-08 06:16:38 UTC ---
Firstly, if I have understood the default value for the preference in the
patch, the security of all Koha-based libraries will be downgraded to "Disable
by default"? (The default is set to "0")
I would prefer the "secure by default" option.

For more security information, see
http://capec.mitre.org/data/definitions/60.html [CAPEC-60: Reusing Session IDs
(aka Session Replay)]. The restrict-by-IP check is a "multifactor
authentication".

Secondly, isn't this solution worse than the problem? I think the problem
is a "by session" problem for some roaming users. And this solution disables
the security check globally, at "site level".

An alternative solution is an option at the login page: "restrict session by
this IP ? Y/n" (and "Y" by default, of course).
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
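
The per-session option proposed in comment #5, sketched as an added example (it is not Koha's code and not part of the original message). SessionStore, login and check are hypothetical names, and the addresses are constructed documentation-range values.

```python
import ipaddress
import secrets
from dataclasses import dataclass


def _norm(ip):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(ip)
    return getattr(addr, "ipv4_mapped", None) or addr


@dataclass
class Session:
    user: str
    login_ip: object
    restrict_ip: bool  # per-session choice made at the login page


class SessionStore:
    """Hypothetical in-memory session table (assumption, not Koha's C4::Auth)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, remote_ip, restrict_ip=True):
        # "Y" by default: the IP check is on unless the user opts out
        # for this one session (the roaming-user case).
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, _norm(remote_ip), restrict_ip)
        return sid

    def check(self, sid, remote_ip):
        """Return (user, reason); user is None when the request is rejected."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None, "unknown-session"
        if sess.restrict_ip and _norm(remote_ip) != sess.login_ip:
            # Session ID presented from another address: treat it as a
            # possible replay and destroy the session so the ID is dead.
            del self._sessions[sid]
            return None, "ip-changed"
        return sess.user, "ok"
```

Opting out affects only the session that asked for it; every other session keeps the IP check, which is the difference from a site-wide preference.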