Hi,
I do understand and share the concerns. However, the full code is there for anyone to check it out. We are not talking about packaged executables. For example, in the case of scripts I loaded, they run "outside" Koha code, therefore it is barely difficult that they do expose any information to the outside. Though, it is not impossible for someone to try to get info through an external script.
As Eric pointed out, JS code is already being shared "unverified" on the wiki and, in my opinion, is more dangerous since it does have "direct access" to Koha code and data.
Regards,
Alvaro
On Mon, Nov 9, 2020 at 19:27, Eric Phetteplace <ephetteplace@cca.edu> wrote:
I think that is a valid fear but just want to point out that JavaScript injected onto Koha's staff side could already transmit confidential information to a third party, yet there is a section for JS on the wiki.
Best,
ERIC PHETTEPLACE Systems Librarian, Libraries (he/him)
ephetteplace@cca.edu | o 510.594.3660 (cca)
5212 Broadway | Oakland, CA | 94618
CCA is situated on the traditional unceded lands of the Ohlone peoples.
Black-owned bookstores in Oakland: Ashay by the Bay <https://ashaybythebay.com/>, Marcus Books <https://www.facebook.com/marcus.books/>
:(){ :|: & };:
On Mon, Nov 9, 2020 at 3:34 PM <dcook@prosentient.com.au> wrote:
I am concerned about adding backend scripts to the wiki. There's no reliable way to ensure those scripts would be correct, and it would be trivial for someone to inject malicious code into the scripts and have unsuspecting users run things which could damage/compromise their backend systems by copy/pasting and executing.
I fear that people would see it on the wiki and take that as an endorsement of those scripts.
David Cook Software Engineer Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia
Office: 02 9212 0899 Online: 02 8005 0595
-----Original Message-----
Date: Sun, 8 Nov 2020 08:15:40 +0000
From: "Renvoize, Martin" <martin.renvoize@ptfs-europe.com>
To: rogan.hamby@gmail.com
Cc: Koha <koha@lists.katipo.co.nz>
Subject: Re: [Koha] koha script wiki
Message-ID: <CAB7SL8B7tGQDss1zMJXXSZRubp9bJAGUtVBac7KAKcMsmmbnVA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
By all means feel free to add a page to the wiki...
I do wonder, however, why don't you submit useful scripts to the project via bugzilla instead..? That way they would benefit from the many eyes of our signoff and quality assurance process, get documented as part of the standard documentation processes and be more accessible to end users?
Just some thoughts,
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha