http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8839
Fred P <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #8 from Fred P <[email protected]> --- You may be aware about the IndependantBranches preference issue. Setting IndependantBranches to "Don't Prevent" overrides the AutoLocation "Require" ip range restrictions, allowing remote access from anywhere, with implications for security. Auth.pm around line 834: if (C4:Context->boolean_preference('IndependantBranches') && C4::Context->boolean_preference('AutoLocation')){ # we have to check they are coming from the right ip range If we do not restrict remote access, we need to implement stronger login security. So I am wondering how the new IndependantBranches settings affect security. Are we still wide open to password cracking if we say "Don't Prevent" for IndependantBranches? Or do the new settings help secure the system? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
