https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004
Arthur Suzuki <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #36 from Arthur Suzuki <[email protected]> --- (In reply to Ulrich Kleiber from comment #34) > I think leaving the proven path of pure doctrine is better than the > alternative of using ILS-DI for patron authentication, where the password > appears in the URL and thus in the Apache log files and the Plack log files. > We have legacy systems which are not part of a centralized single sign-on > infrastructure. But they are part of our in-house Koha infrastructure. Our > patrons do not have to give there password to a third party service. About ILS-DI having the password in the URL, the easy fix is to have the third-party software querying Koha with HTTP-POST instead of HTTP-GET, that works. The parameters are then not part of the URL anymore, hence not logged. (still transfered in cleartext if https is not used though) -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
