https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34976
Bug ID: 34976
Summary: Encryption keys should not be shared between modules
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
At this time we are using the encryption key in koha-conf to encrypt stuff for
2FA, EDI and Acquisition already. The key was introduced for 2FA.
I think that it would be better to differentiate and use separate keys for
various processes in Koha. For instance, the key for 2FA should be used
exclusively for that purpose.
We could consider if that is needed also for EDI and Acq since these are
related modules. They could use one or two new keys.
When adding a new call to Encryption, we should think about it. Perhaps this
would be forced a bit more by passing a parameter to K::E indicating which key
to use?
Opening the discussion :) What do you think?
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
