[Koha-bugs] [Bug 8839] Independant Branches - Checkout to patron belonging to another branch
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Feb 12 16:37:34 CET 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8839
Fred P <fred.pierre at smfpl.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fred.pierre at smfpl.org
--- Comment #8 from Fred P <fred.pierre at smfpl.org> ---
You may be aware about the IndependantBranches preference issue. Setting
IndependantBranches to "Don't Prevent" overrides the AutoLocation "Require" ip
range restrictions, allowing remote access from anywhere, with implications for
security.
Auth.pm around line 834:
if (C4:Context->boolean_preference('IndependantBranches') &&
C4::Context->boolean_preference('AutoLocation')){
# we have to check they are coming from the right ip range
If we do not restrict remote access, we need to implement stronger login
security.
So I am wondering how the new IndependantBranches settings affect security.
Are we still wide open to password cracking if we say "Don't Prevent" for
IndependantBranches? Or do the new settings help secure the system?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list