[Koha-bugs] [Bug 20340] Ability to use authentication plugin

Wed Apr 24 12:41:59 CEST 2019

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20340

--- Comment #49 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
(In reply to David Cook from comment #41)
> Anyone else think that it's a terrible idea to have authentication plugins
> that non-technical staff can load into Koha? Sounds like a massive security
> problem waiting to happen.

This is a manageable risk. I believe we should end up with a repository of
signed and trusted plugins as per Alex's response (comment #48) and have a
granular set of permissions on the server as to what types of plugins may be
installed via the client.  I've been wanting to work towards this for some
time, along with adding translations to plugins and generally enhancing the
system as a whole.. but these things all need sponsorship, time and money.

(In reply to David Cook from comment #43)
> I think we should ask ourselves what we're trying to achieve here. Are we 
> adding authentication plugins via the Staff UI, because it's too difficult to 
> get changes into Koha, especially around authentication?

Koha is a well established and highly reliable system these days, relied upon
by countless libraries. I am a firm believer in our quality assurance policies
and the both the commit logs and release notes serve to prove that the software
is still moving forward rapidly with enhancements and new features continually
being integrated.  Yes, we could always do with more hands/eyes on the code and
people supporting each other by offering SO and QA time. That is something I
intend to work on if I am elected to be RM over the next two cycles, but I
think it's very unfair to suggest one has to have extensive influence/power to
get code into the community. I believe we are a very supportive and friendly
community in 99% of cases and I would certainly support anyone's efforts to get
code in.. sometimes it is hard to pick which bugs to focus on and I'm always
open to suggestions via any means (email, irc, bugzilla priorities)

Finally, I concur with Chris, thankyou very much for taking the time to both
look at this and submit followup code Axel. I will take a look at it all at my
earliest convenience and attempt to help get things moving again.

-- 
You are receiving this mail because:
You are watching all bug changes.