[Koha-bugs] [Bug 12227] New: remove demo user functionality
bugzilla-daemon at bugs.koha-community.org
Fri May 9 17:51:57 CEST 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12227
Bug ID: 12227
Summary: remove demo user functionality
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: gmcharlt at gmail.com
Reporter: gmcharlt at gmail.com
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org

There is a legacy authentication mode whereby if you enable a "demo" setting in
koha-conf.xml, one can log in as a user with username "demo" and password
"demo".

This user acts as a superlibrarian with two exceptions:

[1] not able to modify system preferences
[2] not able to save changes to MARC frameworks

This represents a wart in the authentication code for a very limited use case
-- and warts in authentication code can turn into security exposures.

The special case should be removed. If folks still want to be able to create
demo systems with high-privilege staff accounts that can't touch MARC
frameworks or system preferences, that can be addressed by adding a couple more
granular permissions.
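
A configuration audit for the legacy mode described in this report, added here as an example; it is not part of the bug report or of Koha's code. It assumes the setting is a `<demo>` element under `<config>` in koha-conf.xml and that any value other than empty or `0` enables it (so a value such as `no` still counts as on); the sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample configurations, keyed by a made-up instance name.
SAMPLES = {
    "lib-a": "<yazgfs><config><database>koha_a</database><demo>1</demo></config></yazgfs>",
    "lib-b": "<yazgfs><config><database>koha_b</database><demo>0</demo></config></yazgfs>",
    "lib-c": "<yazgfs><config><database>koha_c</database></config></yazgfs>",
    "lib-d": "<yazgfs><config><database>koha_d</database><demo>no</demo></config></yazgfs>",
}


def demo_value(xml_text):
    """Return the <demo> value if it would enable demo login, else None.

    Assumption: the application tests the value for truthiness the way Perl
    does, so only an empty string and "0" count as disabled.
    """
    root = ET.fromstring(xml_text)
    for config in root.iter("config"):
        node = config.find("demo")
        if node is None:
            continue
        value = (node.text or "").strip()
        if value not in ("", "0"):
            return value
    return None


def audit(configs):
    """Return (instance, finding) pairs for configs that need attention."""
    findings = []
    for name in sorted(configs):
        try:
            value = demo_value(configs[name])
        except ET.ParseError as exc:
            # A config we cannot read is reported, not silently passed.
            findings.append((name, "unparseable: %s" % exc))
            continue
        if value is not None:
            findings.append((name, "demo login enabled (value %r)" % value))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLES):
        print("%s: %s" % (name, finding))
```
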