https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41310
Bug ID: 41310
Summary: Add remote_ip (REMOTE_ADDR) to action_logs table to improve security auditing
Initiative type: ---
Sponsorship status: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Context:
Currently, the action_logs table records what happened, when it happened, and
who performed the action. However, it does not record the network context
(source IP) of the request.
The Problem:
For security auditing, it is necessary to trace an action back to a specific IP
address. This is critical when:
1. A staff account is compromised (distinguishing the attacker from the real
user).
2. Multiple concurrent sessions exist for the same user (e.g., logged in at the
desk and on a mobile device).
The Session data:
The sessions table in Koha is temporary, which may even be stored in cache or on the
filesystem. If we store the session_id in action_logs, we can only link it to
an IP address while the session is still active. Once the session is cleared,
we will lose the IP address history.
Proposed Solution:
We should capture the REMOTE_ADDR at the time the action occurs and store it
directly into a new column in the action_logs table. This ensures the audit
trail remains complete permanently, regardless of the session status.
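The trade-off described in the report, as an added example that is not part of the original bug report or Koha's code: a simplified SQLite stand-in for sessions and action_logs, showing that an IP resolved through session_id is lost once sessions are cleared while a remote_ip column written at log time still supports the audit query. The table layouts, the log_action helper and the sample addresses are constructed assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE sessions (id TEXT PRIMARY KEY, remote_ip TEXT);  -- temporary store
CREATE TABLE action_logs (
    action_id INTEGER PRIMARY KEY, timestamp TEXT, user INTEGER, module TEXT, action TEXT,
    session_id TEXT,  -- link that only resolves while the session row exists
    remote_ip TEXT    -- proposed column, filled when the action is logged
);
"""

def log_action(db, environ, session_id, ts, user, module, action):
    """Write one audit row, copying REMOTE_ADDR from the request environment."""
    cur = db.execute(
        "INSERT INTO action_logs (timestamp, user, module, action, session_id, remote_ip)"
        " VALUES (?, ?, ?, ?, ?, ?)",
        (ts, user, module, action, session_id, environ.get("REMOTE_ADDR")))
    return cur.lastrowid

def ip_via_session(db, action_id):
    """Resolve the IP through the sessions table; None once the session is gone."""
    row = db.execute(
        "SELECT s.remote_ip FROM action_logs a JOIN sessions s ON s.id = a.session_id"
        " WHERE a.action_id = ?", (action_id,)).fetchone()
    return row[0] if row else None

def users_with_multiple_ips(db):
    """Audit query: users whose logged actions came from more than one address."""
    seen = {}
    for user, ip in db.execute(
            "SELECT DISTINCT user, remote_ip FROM action_logs ORDER BY user, remote_ip"):
        seen.setdefault(user, []).append(ip)
    return {u: ips for u, ips in seen.items() if len(ips) > 1}

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed requests: user 51 has two concurrent sessions, user 7 has one.
    requests = [("sessA", "192.0.2.10", "2025-01-01 09:00:00", 51, "MEMBERS", "MODIFY"),
                ("sessB", "198.51.100.7", "2025-01-01 09:02:00", 51, "MEMBERS", "DELETE"),
                ("sessC", "192.0.2.44", "2025-01-01 09:05:00", 7, "CIRCULATION", "ISSUE")]
    ids = []
    for sid, ip, ts, user, module, action in requests:
        db.execute("INSERT INTO sessions VALUES (?, ?)", (sid, ip))
        ids.append(log_action(db, {"REMOTE_ADDR": ip}, sid, ts, user, module, action))
    before = ip_via_session(db, ids[1])
    db.execute("DELETE FROM sessions")  # sessions expire or are cleared
    stored = db.execute("SELECT remote_ip FROM action_logs WHERE action_id = ?", (ids[1],)).fetchone()[0]
    return before, ip_via_session(db, ids[1]), stored, users_with_multiple_ips(db)
```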