http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5511
Frère Sébastien Marie <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #5 from Frère Sébastien Marie <[email protected]> 2011-07-08 06:16:38 UTC --- Firstly, if I have understand the default value for the preference in the patch, the security of all koha-based library will downgrade to "Disable by default" ? (The default is set to "0") I will prefer the option "secure by default". For more security information, see http://capec.mitre.org/data/definitions/60.html [CAPEC-60: Reusing Session IDs (aka Session Replay)]. The restrict-by-IP check is a "multifactor authentication". Secondly, does this solution isn't worst than the problem ? I think the problem is a "by session" problem for some roaming users. And this solution is disable globally security check at "site level". An alternation solution is an option at the login page: "restrict session by this IP ? Y/n" (and "Y" by default, of course). -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
