[Koha-bugs] [Bug 21325] Prevent authentication when sending userid and password via querystring parameters
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Apr 20 01:27:44 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21325
--- Comment #17 from David Cook <dcook at prosentient.com.au> ---
(In reply to Nick Clemens from comment #16)
> Should we do the same for svc scripts?
> https://wiki.koha-community.org/wiki/Koha_/svc/_HTTP_API#GET_.2Fsvc.2Fbib.2F.
> 24biblio
It would probably be a good idea although more likely to break things.
I suppose we should actually double-check all instances of checkpw(). They're
in checkauth() but also check_api_auth and a few other places like
C4/ILSDI/Services.pm, opac/sco/sco-main.pl, etc.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list