[Koha-bugs] [Bug 27812] Remove the ability to transmit a patron's plain text password over email
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Apr 1 20:07:44 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27812
--- Comment #9 from Kyle M Hall <kyle at bywatersolutions.com> ---
(In reply to Kyle M Hall from comment #8)
> (In reply to Jonathan Druart from comment #7)
> > We are removing the password from the notice template for new installations
> > only, for existing installations the generated notices will be "password: ".
> > I don't think we should remove the password key in the controller script.
>
> I disagree. This is a security bug. We should not allow patron's security to
> be compromised in the future just because we've allowed it to be compromised
> in the past.
Would you like me to add a follow-up to modify the templates in the database?
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list