https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32078
Bug ID: 32078
Summary: We should have an easy way for an administrator to
update the encryption keys
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Command-line Utilities
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
We now use encryption on a number of Koha database fields and utilise a key
sorted in koha-conf.xml..
However, we have no easy way to change key should that key be leaked or found
to be to simple to crack. We should add a script to allow updating of our
encrpyted values from one key to the next... (or alternatively, perhaps we
should allow for an array of keys in our config and update the encryption on
access whenever we find an prior key is in use?.. I believe this is what we did
when we upgraded from SHA to BCrypt for user passwords).
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
