Hi, I am looking for some feedback on the following. Opened Bugzilla report 9164 for it.
Would it be an idea to separate the Koha password of kohaadmin [or whatever you name it during installation] from the database password (in terms of security)? Furthermore, is it necessary that kohaadmin can login via opac? And even, could we disable staff client login via kohaadmin under normal circumstances, only allowing login under special conditions (installer, maintenance mode, or so). We could define these conditions and provide a way for system administrators to "force these conditions" without compromising security again. Do you think we need it? What would be your best way to enable kohaadmin login again? Thanks! Marcel
_______________________________________________ Koha-devel mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
