https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30649
--- Comment #21 from Victor Grousset/tuxayo <vic...@tuxayo.net> --- (In reply to Martin Renvoize from comment #16) > The value does come from the encryption. If the database is somehow > compromised (for example, someone accidentally shares a backup.. it could be > as simple as that).. by having the data in the databawse encrypted the > nafarious actor doesn't have something useful to them.. They still need to > hack the machine to get ahold of the key (from the conf file) and/or read > the code to understand what sort of algorithm is used. That's why I wondered if there was any gain compared to just storing the passwords into koha-conf.xml directly? (or another file) The question would have been more relevant on bug 28998 now that such a mechanism is implemented, the work is done and it's not very hard to use on any data to be protected from SQL injection or accidental backup publication. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
