[Koha-bugs] [Bug 5511] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Nov 24 08:54:03 CET 2014
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5511
--- Comment #16 from Chris Cormack <chris at bigballofwax.co.nz> ---
(In reply to Marc Véron from comment #15)
> (In reply to Chris Cormack from comment #13)
> > This patch set adds a new syspref, which disables session restrict by IP, by
> > default.
> >
> > Which is dangerous, this should be a conscious decision made by someone
> > knowing that they are reducing security.
>
> Is still an issue, see "[Koha] IP Address Changed" on mailing list today.
>
> Maybe we should think about sysprefs that are only avallable to the database
> user.
>
> Marc
The problem is just that the patch sets the ip restriction off by default,
instead of on by default, and having to make a decision to potentially reduce
security.
It would have been a simple change, but the patch author has left it to
languish as Failed QA
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list