[Koha-bugs] [Bug 13694] New: Potential privacy issue with OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Feb 10 19:20:48 CET 2015
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13694
Bug ID: 13694
Summary: Potential privacy issue with OPAC
Change sponsored?: ---
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: OPAC
Assignee: oleonard at myacpl.org
Reporter: kyle at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
This was reported by a partner:
"So there is kind of a pretty big security bug, the logged in pages are
being cached by the browser, so on a public OPAC machine even after
the user has logged out you can click the back button to see all the
account pages they looked at. You can't actually do anything because
then it asks for login, but that's still a really major problem."
I'm not sure how or if we can fix this issue. I tried the solution here:
http://stackoverflow.com/questions/1341089/using-meta-tags-to-turn-off-caching-in-all-browsers
But it did not help at all in FireFox or Chrome.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list