[Koha] Remove the password option in patron attributes

Liz Rea liz at catalyst.net.nz
Wed Apr 20 09:25:06 NZST 2016 

Hi Dianna,

The PIN/Password we are talking about here is separate from the normal
user id and password that you put in when you are registering a
borrower. That user id and password are what allow logins to the public
side of Koha, these extended attribute passwords are different to those,
they are stored in plain text (very bad), and don't have any code behind
them to even be used.

You can confirm whether or not you are trying to use this feature by
going to Administration -> Patron attribute types, and clicking through
each one, verifying that the "Password" box is not checked on any of the
attributes.

If you have no attributes listed here, you are not using this and it
would be safe for us to remove it. :)

I hope this helps, please let us know what you find.

Cheers,
Liz

On 20/04/16 08:29, Dianna Waite wrote:
> The PIN  is used at our library as  a way for patrons to log in to their
> account online and to use our  virtual services.  In the patron
> registration field once the pin is put in  the staff can not see what it
> was.  So  it is not clear for anyone else to see.
>
> On Tue, Apr 19, 2016 at 3:07 PM, Katrin Fischer <Katrin.Fischer.83 at web.de>
> wrote:
>
>> Hi Jonathan,
>>
>> I think you have a good point about it being a bad idea to store
>> passwords as plain text. So far it seems unused too - removing it would
>> be ok for me.
>>
>> Katrin
>>
>> Am 19.04.2016 um 09:22 schrieb Jonathan Druart:
>>> Hello everybody,
>>>
>>> I'd like to get opinion on the password option available in patron
>> attributes.
>>> Initially this field was created to allow patrons to use an alternate
>>> password to login, but it has never been implemented.
>>> I have suggested to remove it on bug 12267 as we don't use it
>>> internally and as it's a bad idea to use a password stored in clear
>>> text.
>>> If you are using this option, please tell us know to discuss the matter.
>>>
>>> Regards,
>>> Jonathan
>>>
>>> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12267
>>> _______________________________________________
>>> Koha mailing list  http://koha-community.org
>>> Koha at lists.katipo.co.nz
>>> https://lists.katipo.co.nz/mailman/listinfo/koha
>>>
>> _______________________________________________
>> Koha mailing list  http://koha-community.org
>> Koha at lists.katipo.co.nz
>> https://lists.katipo.co.nz/mailman/listinfo/koha
>>
>
>

-- 
--
Liz Rea
Catalyst.Net Limited
Level 6, Catalyst House, 
150 Willis Street, Wellington.
P.O Box 11053, Manners Street, 
Wellington 6142

GPG: B149 A443 6B01 7386 C2C7 F481 B6c2 A49D 3726 38B7


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <https://lists.katipo.co.nz/pipermail/koha/attachments/20160420/8e07a56e/attachment.sig>

More information about the Koha mailing list