https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42179
Olivier Hubert <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #6 from Olivier Hubert <[email protected]> --- (In reply to David Cook from comment #5) > > Note also that someone with report permissions could easily lookup the > Microsoft365GraphClientId and Microsoft365GraphClientSecret. I don't think > we have a good way of storing secrets in system preferences at the moment. > (While we do store secrets in them, I think moving forward we always want to > be striving to do better.) From what I understand of Report.pm' FORBIDDEN_COLUMN_MATCHES, any column with the word "secret" (case-insensitive) should be intercepted and never disclosed by any report. It's why I did not change anything at that level after adding in patch on bz38338. I'm unsure about the ClientId though. Is it considered sensitive information? Should it also be filtered by Report.pm? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
