[Koha-devel] Test Request

Galen Charlton gmc at esilibrary.com
Tue Sep 24 19:25:15 CEST 2013


Hi,

On Tue, Sep 24, 2013 at 10:10 AM, Mark Tompsett <mtompset at hotmail.com> wrote:

> > In your situation, what are the consequences if, either via bug or
> > misconfiguration, catalog records meant for authorized users become
> > publicly accessible?
>
> Given that sensitive branch’s locations are unpublished, and that I am
> unaware of violence in any of our particular branches’ vicinities, I would
> suspect the worst would be kicked out of country. Though, I would have to
> let my colleagues speak more to the risks in that regard.
>

And this, ultimately, is what makes me nervous about this proposal -- it's
one thing for an academic library to inadvertently reveal confidential
bibliographic records.  That may cause annoyance, it may anger donors of
materials in an archival collection, it may at a stretch cost somebody a
job -- but the consequences do not reach to the level of affecting
somebody's safety or freedom of movement.

Whether or not the patch passes QA and my review on the technical merits
and gets pushed for 3.14 or any future release, I /strongly/ encourage you
to consider that air-gap security [1] may better protect the users in
question than any possible implementation in Koha, which simply is not
designed as a high-security application.

[1] http://en.wikipedia.org/wiki/Air_gap_(networking)

Regards,

Galen
-- 
Galen Charlton
Manager of Implementation
Equinox Software, Inc. / The Open Source Experts
email:  gmc at esilibrary.com
direct: +1 770-709-5581
cell:   +1 404-984-4366
skype:  gmcharlt
web:    http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org