https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=26692
--- Comment #24 from David Cook <[email protected]> --- (In reply to Kyle M Hall from comment #23) > (In reply to Jonathan Druart from comment #21) > > Won't it open the door to generate someone else's barcode (easily)? > > I don't see how this is a real issue at all. For example, I already use > StoCard on my phone for my library cards. I would easily generate a barcode > for another persons library card and use it. Unless library cards are issued > with your picture on them, they are not a method of security, they are a > method of convenience. I would argue that they are a method of security. Perhaps just not a very secure one. They are roughly the same thing as a (non-encrypted) RFID swipe card, except that the information is transmitted visually rather than by radio waves. Thinking about this more... you could only generate a barcode for another person's library card if the cardnumbers are predictable (e.g. incremental). Looking at the code, there is no validation of any kind, so this service couldn't be used for information discovery or other brute force analysis. It works even if you enter garbage as the input. I don't really think that this service is optimal, but I think Kyle makes a convincing point in terms of barcode fraud already being easy. (Perhaps we should have more complex barcode schemes in Koha.) -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
