[Koha] koha script wiki

Eric Phetteplace ephetteplace at cca.edu
Tue Nov 10 13:25:45 NZDT 2020


I think that is a valid fear but just want to point out that JavaScript
injected onto Koha's staff side could already
transmit confidential information to a third party, yet there is a section
for JS on the wiki.

Best,

ERIC PHETTEPLACE Systems Librarian, Libraries (he/him)

ephetteplace at cca.edu | o 510.594.3660 (cca)

5212 Broadway | Oakland, CA | 94618

CCA is situated on the traditional unceded lands of the Ohlone peoples.

Black-owned bookstores in Oakland: Ashay by the Bay
<https://ashaybythebay.com/>, Marcus Books
<https://www.facebook.com/marcus.books/>

:(){ :|: & };:


On Mon, Nov 9, 2020 at 3:34 PM <dcook at prosentient.com.au> wrote:

> I am concerned about adding backend scripts to the wiki. There's no
> reliable way to ensure those scripts would be correct, and it would be
> trivial for someone to inject malicious code into the scripts and have
> unsuspecting users run things which could damage/compromise their backend
> systems by copy/pasting and executing.
>
> I fear that people would see it on the wiki and take that as an
> endorsement of those scripts.
>
> David Cook
> Software Engineer
> Prosentient Systems
> 72/330 Wattle St
> Ultimo, NSW 2007
> Australia
>
> Office: 02 9212 0899
> Online: 02 8005 0595
>
> -----Original Message-----
> Date: Sun, 8 Nov 2020 08:15:40 +0000
> From: "Renvoize, Martin" <martin.renvoize at ptfs-europe.com>
> To: rogan.hamby at gmail.com
> Cc: Koha <koha at lists.katipo.co.nz>
> Subject: Re: [Koha] koha script wiki
> Message-ID:
>         <
> CAB7SL8B7tGQDss1zMJXXSZRubp9bJAGUtVBac7KAKcMsmmbnVA at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> By all means feel free to add a page to the wiki...
>
> I do wonder, however, why don't you submit useful scripts to the project
> via bugzilla instead..? That way they would benefit from the many eyes of
> our signoff and quality assurance process, get documented as part of the
> standard documentation processes and be more accessible to end users?
>
> Just some thoughts,
>
>
>
>
> _______________________________________________
>
> Koha mailing list  http://koha-community.org
> Koha at lists.katipo.co.nz
> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
>


More information about the Koha mailing list