[Koha-bugs] [Bug 24151] Add a pseudonymization process for patrons and transactions

[bugzilla-daemon at bugs.koha-community.org]

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24151

--- Comment #94 from Marcel de Rooy <m.de.rooy at rijksmuseum.nl> ---
(In reply to Jonathan Druart from comment #93)
> (In reply to Marcel de Rooy from comment #90)


> > my $attributes =
> > Koha::Database->new->schema->resultset('PseudonymizedBorrowerAttribute')-
> > >search({transaction_id => $p->id });
> > So no Koha objects here but DBIx ?
> 
> It's only used in test file. In pm file it's using create_related.
>  97        
> $self->_result->create_related('pseudonymized_borrower_attributes',
> $attribute);
> 
> I don't think it is worth creating a new module only for that purpose.

Agreed.

> > $(htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/');
> > Why do you change $2y to $2a ?
> > If I understand correctly, $2y signals use of a safer updated algorithm.
> 
> Good question. I remember I first used some methods from Koha::AuthUtils,
> where we hardcode $2a. I guess it comes from there and so the replacement
> should be removed. I will investigate a bit further.

I would be inclined to remove the sed statement here.

> > <key>$2a$10$PfdrEBdRcL2MZlEtKueyLegxI6zg735jD07GRnc1bt.N/ZYMvBAB2</key>
> > BAD choice for a new config variable! What is key? Where is it used for?
> > Please add pseudonymize or something ?
> 
> We could, but the point of the generic wording was to make it use for
> something else, if needed. It could be better named "secret_key".

No blocker, but I prefer a more specific name. Using keys for several purposes
may not always be so handy. 'key' is really too generic.

-- 
You are receiving this mail because:
You are watching all bug changes.