[Koha-bugs] [Bug 26692] Add barcode image generator service for OPAC
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Nov 10 00:15:52 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26692
--- Comment #24 from David Cook <dcook at prosentient.com.au> ---
(In reply to Kyle M Hall from comment #23)
> (In reply to Jonathan Druart from comment #21)
> > Won't it open the door to generate someone else's barcode (easily)?
>
> I don't see how this is a real issue at all. For example, I already use
> StoCard on my phone for my library cards. I would easily generate a barcode
> for another persons library card and use it. Unless library cards are issued
> with your picture on them, they are not a method of security, they are a
> method of convenience.
I would argue that they are a method of security. Perhaps just not a very
secure one. They are roughly the same thing as a (non-encrypted) RFID swipe
card, except that the information is transmitted visually rather than by radio
waves.
Thinking about this more... you could only generate a barcode for another
person's library card if the cardnumbers are predictable (e.g. incremental).
Looking at the code, there is no validation of any kind, so this service
couldn't be used for information discovery or other brute force analysis. It
works even if you enter garbage as the input.
I don't really think that this service is optimal, but I think Kyle makes a
convincing point in terms of barcode fraud already being easy. (Perhaps we
should have more complex barcode schemes in Koha.)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list