http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14323
Bug ID: 14323
Summary: Users who share userid and cardnumber cause Privacy
Breach
Change sponsored?: ---
Product: Koha
Version: 3.18
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: gmcha...@gmail.com
Reporter: j...@bywatersolutions.com
QA Contact: testo...@bugs.koha-community.org
CC: dpav...@rot13.org
For Patron log in on the OPAC Koha looks at the userid first and tries to
authenticate and then looks at the barcode to find a match.
Problem: If you have user1 with a cardnumber that is the userid for user2 and
they have the same password
Scenario:
User1: cardnumber: user1card userid: user1 pwd:changeme
User2: cardnumber: user2card userid: user1card pwd:changeme
This scenario is a tad unlikely but think about it in a migration perspective.
If we have a library with 4 digit cardnumbers and we are making the userid the
last four digits of their phone number and we assign a default password to
everyone. There's the potential for failure When user1 logs in with his
cardnumber s/he is taken to user2's account. Breach of patron privacy.
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
