https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17004
--- Comment #38 from Ulrich Kleiber <[email protected]> --- (In reply to Arthur Suzuki from comment #36) > (In reply to Ulrich Kleiber from comment #34) > > I think leaving the proven path of pure doctrine is better than the > > alternative of using ILS-DI for patron authentication, where the password > > appears in the URL and thus in the Apache log files and the Plack log files. > > We have legacy systems which are not part of a centralized single sign-on > > infrastructure. But they are part of our in-house Koha infrastructure. Our > > patrons do not have to give there password to a third party service. > > About ILS-DI having the password in the URL, the easy fix is to have the > third-party software querying Koha with HTTP-POST instead of HTTP-GET, that > works. > The parameters are then not part of the URL anymore, hence not logged. > (still transfered in cleartext if https is not used though) Thanks for your hint Arthur, it works :) -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
