[Koha-devel] RFC: Plugins QA

2013-05-30 Thread Tomas Cohen Arazi
Hi, with the inclusion of a plugin system we provide a convenient way of injecting functionalities to Koha. I was about to write one myself for implementing some cute graphics (jqPlot) and circulation statistics we had in our 3.0.x fork prior to our 3.8 upgrade. Then I came to think this should

Re: [Koha-devel] RFC: Plugins QA

2013-05-30 Thread Galen Charlton
Hi, On Thu, May 30, 2013 at 9:00 AM, Tomas Cohen Arazi tomasco...@gmail.com wrote: So, I belive we should discuss the creation of a sort of Official plugins repository where QAed plugins could be uploaded. If it turns out that a lot of folks are writing plugins or are planning to, I think we

Re: [Koha-devel] IP address has changed. Please log in again

2013-05-30 Thread Galen Charlton
Hi, On Wed, May 29, 2013 at 3:58 PM, Robin Sheat ro...@catalyst.net.nz wrote: Standard session cookies combined with running over HTTPS is really the only way. It comes down to threat modelling really: is session hijacking something that you feel you care about? (It's perfectly reasonable to

Re: [Koha-devel] IP address has changed. Please log in again

2013-05-30 Thread Michael Hafen
Please don't force HTTPS in the software. I'll explain why I'm making that request here. First, it's easy to force HTTPS in the apache config for the vhosts, I've done this. It's a simple matter of a redirect on the port 80 vhost pointed at the https vhost. This is where certificates would

Re: [Koha-devel] IP address has changed. Please log in again

2013-05-30 Thread Galen Charlton
Hi, On Thu, May 30, 2013 at 3:07 PM, Michael Hafen michael.ha...@washk12.org wrote: I understand that forcing https in the software is a good security measure. I'm just asking that it be controlled by a system preference, or be made an optional section in the apache config file in

Re: [Koha-devel] IP address has changed. Please log in again

2013-05-30 Thread Robin Sheat
Galen Charlton schreef op do 30-05-2013 om 11:18 [-0700]: I'd personally be happy with requiring SSL for the staff interface and the OPAC throughout on the basis that patron information is sensitive enough to demand that level of care. All our deployments now are using SSL, we strongly