[Koha-devel] Koha Security best practises
Robin Sheat
robin at catalyst.net.nz
Mon Jun 20 08:02:46 CEST 2011
Mahesh T Pai schreef op ma 20-06-2011 om 11:23 [+0530]:
> Exactly the kind of thing I was looking for.
>
> But, I am not happy with that no username / password thing required
> comment in that report; one library I knew (10 years back) did not
> restrict physical access much.
Well, if you don't turn the syspref on, then Apache will validate the
certificate and you'll still require a login.
However, in this case, the certificate is part of an organisations
single-sign-on system, and so it would have largely defeated its purpose
to still require a login (also, by the nature of the organisation, being
a government department, there is a significant element of physical
security.)
--
Robin Sheat
Catalyst IT Ltd.
✆ +64 4 803 2204
GPG: 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: </pipermail/koha-devel/attachments/20110620/4386adbc/attachment.pgp>
More information about the Koha-devel
mailing list