https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649
--- Comment #14 from Victor Grousset/tuxayo <vic...@tuxayo.net> --- (In reply to Kyle M Hall from comment #9) > (In reply to Victor Grousset/tuxayo from comment #8) > > I don't get how to encrypt a password to an external service and still be > > able to use the external service. Does that mean Koha can in full autonomy > > decrypt it? > > Yes, we store a key in the koha konf file for encryption and decryption. I > need to rebase this patch to use the work from Bug 28998. Ok IIUC the security value doesn't come from encryption but from having the date out of the DB. So a simple SQL injection can't get it. Is there any gain compared to just storing the passwords into koha-conf.xml directly? (hum, maybe Koha can't write to that file and that would need a separate file) Like is it a plausible attack scenario to be able to read the file but not the DB? That when needing both would help. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
