http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12227
Bug ID: 12227 Summary: remove demo user functionality Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: gmcha...@gmail.com Reporter: gmcha...@gmail.com QA Contact: testo...@bugs.koha-community.org CC: dpav...@rot13.org There is a legacy authentication mode whereby if you enable a "demo" setting in koha-conf.xml, one can log in as a user with username "demo" and password "demo". This user acts as a superlibrarian with two exceptions: [1] not able to modify system preferences [2] not able to save changes to MARC frameworks This represents a wart in the authentication code for a very limited use case -- and warts in authentication code can turn into security exposures. The special case should be removed. If folks still want to be able to create demo systems with high-privilege staff accounts that can't touch MARC frameworks or system preferences, that can be addressed by adding a couple more granular permissions. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/