https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21325
David Cook <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from David Cook <[email protected]> --- (In reply to Marcel de Rooy from comment #0) > In testing bug 13779, I just noticed that an URL like this works: > > https://[your_domain]/cgi-bin/koha/opac-reserve. > pl?biblionumber=[some_biblionumber]&userid=[your_userid]&password=[your_passw > ord] > > Obviously, we should not expose credentials like that. But it raises the > question: should we allow it then? In my opinion, we 100% should not allow it. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
