https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42179
--- Comment #7 from David Cook <[email protected]> --- (In reply to Olivier Hubert from comment #6) > (In reply to David Cook from comment #5) > > > > Note also that someone with report permissions could easily lookup the > > Microsoft365GraphClientId and Microsoft365GraphClientSecret. I don't think > > we have a good way of storing secrets in system preferences at the moment. > > (While we do store secrets in them, I think moving forward we always want to > > be striving to do better.) > > From what I understand of Report.pm' FORBIDDEN_COLUMN_MATCHES, any column > with the word "secret" (case-insensitive) should be intercepted and never > disclosed by any report. It's why I did not change anything at that level > after adding in patch on bz38338. > > I'm unsure about the ClientId though. Is it considered sensitive > information? Should it also be filtered by Report.pm? So the column name would be "variable" in this case, so that forbidden feature wouldn't come into play. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
