[Koha-bugs] [Bug 27812] Remove the ability to transmit a patron's plain text password over email
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Apr 1 20:06:24 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27812
Kyle M Hall <kyle at bywatersolutions.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|Failed QA |Passed QA
--- Comment #8 from Kyle M Hall <kyle at bywatersolutions.com> ---
(In reply to Jonathan Druart from comment #7)
> We are removing the password from the notice template for new installations
> only, for existing installations the generated notices will be "password: ".
> I don't think we should remove the password key in the controller script.
I disagree. This is a security bug. We should not allow patron's security to be
compromised in the future just because we've allowed it to be compromised in
the past.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list