https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17776
--- Comment #32 from Matthias Meusburger <[email protected]> ---
About comment#27, I tried to spoof HTTP headers with Firefox's "Modify Header Value (HTTP Headers)" extension ( https://addons.mozilla.org/fr/firefox/addon/modify-header-value ) and got the following message:

"opensaml::SecurityPolicyException

The system encountered an error at Fri Sep 28 08:33:58 2018

To report this problem, please contact the site administrator at root@localhost.

Please include the following message in any email:

opensaml::SecurityPolicyException at (https://catalogue.koha-shib/cgi-bin/koha/opac-user.pl)

Attempt to spoof header (AJP_Login) was detected."

So basic spoofing doesn't work.

However, I'm no security expert, so if anyone thinks that we should add more control mechanisms to the stack we recommend (Apache / mod_shib / plack), please say so.

For all the other stacks (IIS, Sun/iPlanet, etc.), we should clearly mention in the documentation that control mechanisms are needed.
