[Koha-devel] Why we do not push the ACCTDETAILS email via message queue?

Jonathan Druart jonathan.druart at bugs.koha-community.org
Mon Jun 18 16:07:03 CEST 2018


It has already been reported (by David) on our bug tracker (20796, security
area, which no longer makes sense as it is public now...)

For information, this notice has contained the password in the clear for... 10 years
now (bug 2149), and the behavior is turned off by default
(AutoEmailOpacUser).


On Mon, 18 Jun 2018 at 10:11 Christopher Nighswonger <
chris.nighswonger at gmail.com> wrote:

> Considering that email is plaintext (AKA "postcard") mail, I'm surprised
> we would send a user's password in an email in any case.
>
>
> On Mon, Jun 18, 2018 at 4:14 AM, David Cook <dcook at prosentient.com.au>
> wrote:
>
>> Considering that the borrower’s password is typically in the ACCTDETAILS
>> email, I think using the message_queue for ACCTDETAILS would be a bad idea
>> and would probably violate the GDPR in Europe.
>>
>>
>>
>> Just imagine looking through your database and seeing all those plain
>> text passwords, especially for people who re-use the same password for
>> everything. I think it would be a security and privacy nightmare.
>>
>>
>>
>> David Cook
>>
>> Systems Librarian
>>
>> Prosentient Systems
>>
>> 72/330 Wattle St
>>
>> Ultimo, NSW 2007
>>
>> Australia
>>
>>
>>
>> Office: 02 9212 0899
>>
>> Direct: 02 8005 0595
>>
>>
>>
>> *From:* koha-devel-bounces at lists.koha-community.org [mailto:
>> koha-devel-bounces at lists.koha-community.org] *On Behalf Of *Sophie
>> Meynieux
>> *Sent:* Friday, 15 June 2018 9:33 PM
>> *To:* koha-devel at lists.koha-community.org
>> *Subject:* Re: [Koha-devel] Why we do not push the ACCTDETAILS email via
>> message queue?
>>
>>
>>
>> Maybe because for this message you're expecting it to be sent immediately,
>> while the message_queue table could be processed more occasionally?
>>
>> Best regards
>>
>> S. Meynieux
>>
>> --
>>
>> Responsable support
>>
>> BibLibre
>>
>> + 33 (0)4 91 81 35 08
>>
>> http://www.biblibre.com
>>
>> On 15/06/2018 at 12:40, Indranil Das Gupta wrote:
>>
>> Hi all,
>>
>>
>>
>> I was wondering why we do not push the ACCTDETAILS email via the message
>> queue.
>>
>>
>>
>> Is it just one of those cases of "as things have always been done" OR
>> there is a reason that I'm missing out?
>>
>>
>>
>> cheers
>>
>> indranil.
>>
>>
>> Indranil Das Gupta
>> L2C2 Technologies
>>
>> Phone : +91-98300-20971
>> Blog    : http://blog.l2c2.co.in
>> IRC     : indradg on irc://irc.freenode.net
>> Twitter : indradg
>>
>>
>>
>>
>> _______________________________________________
>>
>> Koha-devel mailing list
>>
>> Koha-devel at lists.koha-community.org
>>
>> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>>
>> website : http://www.koha-community.org/
>>
>> git : http://git.koha-community.org/
>>
>> bugs : http://bugs.koha-community.org/
>>