[Koha-bugs] [Bug 21301] Restriction of the informations given by GetRecords ILS-DI service

bugzilla-daemon at bugs.koha-community.org
Wed Mar 25 13:34:36 CET 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21301

--- Comment #15 from Fridolin SOMERS <fridolin.somers at biblibre.com> ---
(In reply to Marcel de Rooy from comment #8)
> 
> Is this really a privacy issue? In order to identify the person associated
> with borrowernumber 5, you'll need additional information.
> So if this is just theoretical, then removing the borrowernumber might not
> be enough ;) If I have biblionumber and reservedata or timestamp, I might
> also be able to find the associated borrower?
> 
> No blocker, just pushing a bit..

Valid question yep.

In my opinion, removing borrowernumber is also to avoid the use of some script's
vulnerability with a valid DB id that may allow SQL injection or data leaking.
