https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29894
--- Comment #10 from Marcel de Rooy <[email protected]> --- (In reply to Marcel de Rooy from comment #4) > Still thinking about what we do now in registering: create secret, pass it > out, get it back, etc. > Easy way to build the qr but not pass the secret in that process? The CSRF token protects the secret. Fine enough probably. Especially if we would send a notice when we register or deregister 2FA to inform the user about such a change. That notice might be a simple pragmatic additional precaution. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
