https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=29523
--- Comment #98 from David Cook <[email protected]> --- I actually just thought of another potential issue... Other than Koha's internal use of the API, I think most third-party API usage involves using 1 potentially high privileged user. I assume there will be times where that API user is making a call on behalf of an anonymous user or a low-privileged user, but since the API user is the "logged in" user, the anonymous/low-privileged user will get access to data that they shouldn't - unless the third-party API user does post-processing on their end (which is something we said we wanted to avoid on bug 29275). -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
