[Koha-bugs] [Bug 21046] ILSDI - AuthenticatePatron returns a wrong borrowernumber if cardnumber is empty
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jul 9 09:43:22 CEST 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21046
--- Comment #4 from Alex Arnaud <alex.arnaud at biblibre.com> ---
(In reply to Katrin Fischer from comment #2)
> I am not sure we should allow returning of a borrowernumber for an empty
> cardnumber. This could lead to all kinds of problems. I feel we should
> return an error for an empty cardnumber.
It's quite common to have borrowers without cradnumber. Mostly when using third
party import tools. So this leads to have dangerous behavior on portals that
use Koha as back-end. Some patron get the loans, reserves and all information
about an other one.
>
> What if 2 patrons pick the same password or are imported with the same
> default password?
Duplicate password doesn't matter here because we retrieve patrons with their
userid (which is unique).
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list