[Koha-devel] Request for discussion: bugs 3674, 6220, 6224 and 6218

[Fernando Canizo]

On 26/04/11 15:57, Chris Cormack wrote:
> * Nicole Engard (nengard at gmail.com) wrote:
>> In the US, some libraries require that parents give their children
>> permission to access the system this means that if the child doesn't
>> have permission they shouldn't have a log in - so having all patrons
>> require a log in would be an issue in this situation.
>>
> I agree, millions of people around the world have no access to the
> internet. Making librarians have to make them a login is an unnessecary
> task. Also, although we would all like this to be untrue, but the vast
> majority of library users never look at, let alone log into the OPAC.
> I can imagine that making the login field unmandatory would be the first
> thing a lot of libraries would ask for.
>
> Having a login and password that is never used by the intended user,and
> probably therefore never changed, means we make an easier attack vector.
> For example if we know that pattern of the default login, all we have to do is
> get the password, reducing the complexity of the attack a lot.

I'm new to koha (and to libraries from the point of view of a librarian) 
and I haven't noticed what was the intended use for that.

So far I'm fiddling with koha installations as superlibrarian and I 
thought everyone would be doing that or at least searching the catalog.

Now I understand why was the way it was and all my rambling is disposable.

-- 
Fernando Canizo (a.k.a. conan) - http://conan.muriandre.com/
GCS d? s:+ a C++ P--- L++++ E--- W+++ w--- M-- PE-- !tv b+++ h---- y+++