https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28990
--- Comment #11 from David Cook <[email protected]> --- (In reply to Fridolin Somers from comment #10) > In my opinion storing security settings inside database is not good. I think it's arguable about whether an Identity Provider counts as a security setting per se. Or are you referring to different settings? > We often copy database from a production server to a test server, where > security is on purpose lower. That sounds like an internal problem? What's the risk that you're worried about here? Data breach? > For me the best place is koha-conf.xml, it already contains major security > settings (authentication, path, ...) As a vendor, I like storing things in configuration files (although I hate the bloated koha-conf.xml), since they're more secure and easier to deploy programmatically. But as a consumer, we'd be removing functionality from Koha. I think that's the point that Donna is making. Unless you have the wealth to pay for a vendor or internal staff, you might not be able to configure those settings anymore. (Of course, one could argue there are many settings in Koha that already work that way.) -- Ultimately, it doesn't matter to me, as I have power. I'm just thinking about removing options from people who don't have as much power. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
