[Koha-bugs] [Bug 20340] Ability to use authentication plugin
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Apr 29 03:03:25 CEST 2019
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20340
--- Comment #56 from David Cook <dcook at prosentient.com.au> ---
(In reply to Martin Renvoize from comment #51)
> (In reply to Fridolin SOMERS from comment #50)
> > > have a granular set of permissions on the server
> > What about adding to koha-conf.xml a boolean to allow or not uploading
> > plugins ?
> > If not allowed only system admin can add plugins.
> >
> > My 2c
>
> You can already enable and disable plugins entirely from koha-conf can't
> you.. I was thinking more having classifactions of plugins so you could
> allow a whitelist of supported ones for example.. or say.. all cataloguing
> plugins but not auth plugins.
>
> I like the idea of a whitelist.
I think Fridolin was talking about leaving plugins enabled, but disabling the
ability to upload via the Web UI. I've thought about doing this myself.
A whitelist could be interesting. I also liked your mention earlier about
signed plugins. One way of whitelisting could be to only allow plugins signed
by keys you trust. I mean... that's how a lot of software installers already
work, right?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list