http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12227

            Bug ID: 12227
           Summary: remove demo user functionality
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: gmcha...@gmail.com
          Reporter: gmcha...@gmail.com
        QA Contact: testo...@bugs.koha-community.org
                CC: dpav...@rot13.org

There is a legacy authentication mode whereby if you enable a "demo" setting in
koha-conf.xml, one can log in as a user with username "demo" and password
"demo".

This user acts as a superlibrarian with two exceptions:

[1] not able to modify system preferences
[2] not able to save changes to MARC frameworks

This represents a wart in the authentication code for a very limited use case
-- and warts in authentication code can turn into security exposures.

The special case should be removed.  If folks still want to be able to create
demo systems with high-privilege staff accounts that can't touch MARC
frameworks or system preferences, that can be addressed by adding a couple more
granular permissions.

_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
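
As an added example (not part of the original report and not Koha code), a small audit script that reports whether a koha-conf.xml still turns on the "demo" setting the report describes. The element name `demo` follows the report's wording; its location in the file and the sample XML are assumptions, so the script searches the whole tree and treats any value other than empty or `0` as enabled.

```python
import sys
import xml.etree.ElementTree as ET

# Conservative choice (assumption): only an empty value or "0" counts as off.
OFF_VALUES = {"", "0"}

# Constructed sample configs; the element layout is an assumption.
SAMPLE_ENABLED = """<yazgfs><config>
  <database>koha_demo</database>
  <demo>1</demo>
</config></yazgfs>"""
SAMPLE_DISABLED = SAMPLE_ENABLED.replace("<demo>1</demo>", "<demo>0</demo>")


def find_demo_settings(xml_text):
    """Return (path, value, enabled) for every <demo> element in the config."""
    findings = []

    def walk(node, path):
        here = f"{path}/{node.tag}"
        if node.tag == "demo":
            value = (node.text or "").strip()
            findings.append((here, value, value not in OFF_VALUES))
        for child in node:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings


def demo_login_enabled(xml_text):
    """True if any <demo> element is set to an enabling value."""
    return any(enabled for _, _, enabled in find_demo_settings(xml_text))


if __name__ == "__main__":
    # Usage: python check_demo.py /path/to/koha-conf.xml (no path: use the sample)
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_ENABLED
    for path, value, enabled in find_demo_settings(text):
        print(f"{path} = {value!r} -> {'ENABLED' if enabled else 'off'}")
    sys.exit(1 if demo_login_enabled(text) else 0)
```

The non-zero exit status when the setting is enabled lets the check run as a gate in configuration management or a deployment pipeline.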