[Koha-bugs] [Bug 12227] New: remove demo user functionality

bugzilla-daemon at bugs.koha-community.org
Fri May 9 17:51:57 CEST 2014


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12227

            Bug ID: 12227
           Summary: remove demo user functionality
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: gmcharlt at gmail.com
          Reporter: gmcharlt at gmail.com
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

There is a legacy authentication mode whereby if you enable a "demo" setting in
koha-conf.xml, one can log in as a user with username "demo" and password
"demo".

This user acts as a superlibrarian with two exceptions:

[1] not able to modify system preferences
[2] not able to save changes to MARC frameworks

This represents a wart in the authentication code for a very limited use case
-- and warts in authentication code can turn into security exposures.

The special case should be removed.  If folks still want to be able to create
demo systems with high-privilege staff accounts that can't touch MARC
frameworks or system preferences, that can be addressed by adding a couple more
granular permissions.

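
A configuration audit for the setting described in the report, as an added example that is not part of the original message or of Koha's code: it parses a koha-conf.xml and reports any demo element that may enable the demo/demo login. The element name <demo>, the helper names and the sample files are assumptions constructed for illustration; any non-empty value other than "0" is reported, since the report does not say how other values are interpreted.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples, not taken from a real installation. The <demo> element
# name is an assumption based on the report's "demo" setting in koha-conf.xml.
SAMPLE_ENABLED = """<yazgfs>
  <config>
    <database>koha_example</database>
    <demo>1</demo>
  </config>
</yazgfs>"""

SAMPLE_DISABLED = SAMPLE_ENABLED.replace("<demo>1</demo>", "<demo>0</demo>")
SAMPLE_AMBIGUOUS = SAMPLE_ENABLED.replace("<demo>1</demo>", "<demo> false </demo>")
SAMPLE_ABSENT = SAMPLE_ENABLED.replace("<demo>1</demo>", "")


def demo_mode_findings(xml_data):
    """Return the value of every <demo> element that may enable demo login.

    Accepts str or bytes. An empty list means no enabled setting was found.
    """
    root = ET.fromstring(xml_data)
    findings = []
    for elem in root.iter("demo"):
        value = (elem.text or "").strip()
        # Conservative: only an empty element or "0" is treated as disabled,
        # so values such as "false" are surfaced for manual review.
        if value not in ("", "0"):
            findings.append(value)
    return findings


def audit_file(path):
    """Audit one koha-conf.xml on disk; bytes let the parser honour the
    encoding declared in the XML prolog."""
    with open(path, "rb") as handle:
        return demo_mode_findings(handle.read())


if __name__ == "__main__":
    # Paths given on the command line are audited; otherwise the samples run.
    for path in sys.argv[1:]:
        hits = audit_file(path)
        print(f"{path}: {'REVIEW demo setting ' + repr(hits) if hits else 'ok'}")
    if len(sys.argv) == 1:
        for name in ("SAMPLE_ENABLED", "SAMPLE_DISABLED", "SAMPLE_AMBIGUOUS"):
            print(name, demo_mode_findings(globals()[name]))
```

A non-empty result is a prompt to remove the setting and to confirm that no one relies on the shared demo login.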