[Koha] Koha security issue.

Christopher Hyde chyde at EBPL.org
Fri Nov 5 08:42:30 NZDT 2010


Scott,

We used OpenKiosk, with a setting to automatically clear out all cached settings every few minutes of non-use to resolve this issue.  We also have a "Log Out" Button (configurable through OpenKiosk) to allow users to manually clear out their session information.  This issue has popped up on many ILS's/Kiosk situations, not just Koha.

Open Kiosk is a free plugin for firefox, available here:
https://www.mozdevgroup.com/clients/bm/


Christopher Hyde
Information Technology 
East Brunswick Public Library 



Message: 7
Date: Thu, 4 Nov 2010 14:18:41 -0400
From: "Scott Kushner" <skushner at mtpl.org>
Subject: [Koha] Koha security issue.
To: <koha at lists.katipo.co.nz>
Message-ID:
	<3F5DBA7C1433624D870AF4F965358FD660E6B2 at exchange.mplmain.mtpl.org>
Content-Type: text/plain; charset="us-ascii"

We are using mozilla firefox 3.5.4 for  Koha access for our patrons.
After one patron is done and walks away, the next patron can use the
"back" button to access the previous patron's records-if 6 patrons have
used this workstation, all of their transactions can be seen by the last
patron. Has the new release of Koha addressed this security issue. Does
anyone have a "one-patron session" fix for this?

 

Thanks,

 

Rod Alberse

Information Technologies

Middletown Township Public Library(MTPL)

 

 


More information about the Koha mailing list