[Koha-devel] "Till Reconciliation" Report

[Joe Atzberger]

Besides the security hole I just patched, I think the "Till Reconciliation"
report in 3.x has other serious deficiencies, mostly related to simplistic
structure underlying fines.  If it seems unfamiliar, it should be.  I
commented it out of the interface just before the 3.0 release when I started
to realize the problems with it, but the report script itself was still
there.  Recently some of our clients found it and started trying to use it.
So here's my argument that it should be removed outright.

The branch of the fine payment transaction does not exist in the
accountlines table.  No provisions to record that information exist.  Even
if branchcode were recorded it would not be effective as a real P.O.S.
reconciliation report, because it wouldn't differentiate between any of the
various stations in the same branch.

Here's the part I really don't like.  In the retail world a "Till
Reconciliation" report is used daily to balance out a cash drawer and total
up the day's transactions before an evening deposit.  This is the type of
"evidence" used to fire someone when their register comes up short.  The
report as it stands, despite appearances, is totally useless for that
purpose and should not be attributed any authority at all.

Basically, Koha does not have 1-to-1 assurances for the physical location or
uniqueness of the remote user, system or branch.  Koha does not establish
the identity of remote systems, only the remote user.  In that sense it is a
web application, and not a P.O.S. system.  It doesn't care where on the
Internet you are, as long as you remember your login.  We can have multiple
terminals on the same IP, mutliple browsers on the same system, the same
system on multiple IPs, the same user on multiple sessions, etc.  In short,
we don't know what "till" any payment went to, and as it stands we don't
even know what branch.

IP level filtering can be used to restrict access to known networks, but
that is not tracked by any internal logic.

Adding the branch and operator to fine transactions, and outputting it is
relatively modest refinement compared to making that data verifiable.  None
of the fines enhancement LibLime is currently discussing include
establishing the remote system identity in a truly auditable way (like, say,
client-side certificates).

Please keep in mind I support the idea/workflow of this report, I just think
that we cannot allow the current implementation to be mistaken for valid.
Any complaints about removing it until fines is overhauled, comments or
considerations?

--Joe Atzberger,
LibLime
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/koha-devel/attachments/20081023/ef083173/attachment-0003.htm>