http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12227
Bug ID: 12227
Summary: remove demo user functionality
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
There is a legacy authentication mode whereby if you enable a "demo" setting in
koha-conf.xml, one can log in as a user with username "demo" and password
"demo".
This user acts as a superlibrarian with two exceptions:
[1] not able to modify system preferences
[2] not able to save changes to MARC frameworks
This represents a wart in the authentication code for a very limited use case
-- and warts in authentication code can turn into security exposures.
The special case should be removed. If folks still want to be able to create
demo systems with high-privilege staff accounts that can't touch MARC
frameworks or system preferences, that can be addressed by adding a couple more
granular permissions.
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
