On 02/11/2016 at 12:22, RakeshKumar Singh wrote:
> Dear Sir,
> Good morning Sir,
> There are a few security issues in Koha on which we need some clarification and
> help in resolving. These issues are as below:
> Issue No 1: In our application, when we log in a session is created and saved
> in the cookies of the browser. When we try to open a restricted page of our
> application from a different instance of the same browser we are able to get
> access, as we have already logged in from the same browser. As per my understanding
> this is happening because the session id is getting stored in cookies. This may
> also be because of sharing of cookie values across different tabs of the same
> browser for the same application.
> Requirement: What we want in our application is how to avoid sharing of
> cookies across same browsers or different browsers.

How do you access your different instances?
Does each instance have a VirtualHost or does each instance use a
specific port on the same hostname?

> Issue No 2: There is no salted password mechanism in Koha as per our findings.
> Whenever we log in to the application the password can easily be tracked by
> any proxy as there is no salted mechanism implemented.

You should use HTTPS to secure the authentication system.
Note that inside the database the password is salted and well encrypted.

> We are facing issues in resolving these issues.
> Request you to please help us in this.
> Thanks in advance.
On 11/01/16 09:13 PM, [email protected] wrote:
Nau Mai, Haere Mai ki te whanau Koha. Hello and Welcome to the Koha
Community.
This is just a brief email to help you make the most of the community,
and the community make the most of you.
The best thing you can do to start is to introduce yourself. A brief
email to this mailing list saying who you are and what you want to do
is a great way to do that.
This is the general discussion list for librarians and others
interested in the Koha FOSS (free & open-source software) LMS/ILS
(library management system/integrated library system) and related
activities. It is a companion to other email lists (see
<http://lists.koha-community.org/>) that discuss future development or
aspects of the application.
Before posting to the list, it's always good to read/search through
the mailing list archive <http://dir.gmane.org/gmane.comp.misc.koha>
and the manual and FAQs <http://koha-community.org/documentation> for
answers to your questions.
Please feel free to use this list for announcements, questions and
discussions on relevant topics, and please try to keep it positive and
polite. Pro-free-software LMS/ILS news is welcome. Debating
definitions of “free” is not.
Please send plain text emails and if you opt for the digest, change
the subject line when you reply (as described at the top of the
digest). In general, try to keep subject lines accurate and try to
write the sort of message that you'd be happy if it appeared on the
letters page of a national newspaper or magazine. Other useful
netiquette guidelines can be found in Internet RFC 1855
<http://tools.ietf.org/rfc/rfc1855.txt>.
Emails from non-subscribers (and other emails held for review) will
usually be sent to this list in a batch once a day.
Websites and bloggers may find the gmane archive
<http://dir.gmane.org/gmane.comp.misc.koha> more useful for linking,
because its comment system is open to all.
Some other useful sites to keep an eye on are included below:
- Koha project home page <http://koha-community.org> - Here you will
find links to other Koha websites and announcements of interest to the
Koha community.
- Koha Bugs <http://bugs.koha-community.org> - Here you will find
enhancement projects as well as bugs
- Koha Developer Wiki <http://wiki.koha-community.org> - information
about the development process and RFCs (Request for Comments)
- Koha Git Repository <http://git.koha-community.org/> - patches and
enhancements to Koha from the community
- Koha Documentation <http://koha-community.org/documentation>
We look forward to meeting you and working with you.
--
Fridolin SOMERS
Biblibre - Pôles support et système
[email protected]
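
Added example, not part of the original messages and not Koha code: browsers scope cookies by host name and path, not by port (RFC 6265), which is relevant to the VirtualHost-versus-port question, and a session cookie without the Secure flag is also sent over plain HTTP, which is relevant to the HTTPS advice. The sketch below models both rules with a simplified path match; the host names and cookie value are constructed, and CGISESSID is used as the session cookie name.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def _morsel(set_cookie_header):
    """Parse one Set-Cookie header value and return its single cookie."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    return next(iter(jar.values()))


def cookie_sent(set_by_url, set_cookie_header, request_url):
    """Would a browser attach this cookie to request_url? (simplified RFC 6265)"""
    origin, target = urlsplit(set_by_url), urlsplit(request_url)
    m = _morsel(set_cookie_header)
    domain = m["domain"].lstrip(".").lower()
    if domain:
        # Domain attribute present: the cookie also goes to subdomains.
        host_ok = target.hostname == domain or target.hostname.endswith("." + domain)
    else:
        # Host-only cookie: exact host match. The port is never compared.
        host_ok = target.hostname == origin.hostname
    path_ok = (target.path or "/").startswith(m["path"] or "/")
    # A Secure cookie is only sent over HTTPS.
    secure_ok = not m["secure"] or target.scheme == "https"
    return host_ok and path_ok and secure_ok


def missing_flags(set_cookie_header):
    """List the hardening flags absent from a session cookie."""
    m = _morsel(set_cookie_header)
    return [flag for flag in ("secure", "httponly") if not m[flag]]


if __name__ == "__main__":
    weak = "CGISESSID=constructed0123; Path=/; HttpOnly"            # constructed sample
    hardened = "CGISESSID=constructed0123; Path=/; HttpOnly; Secure"  # constructed sample
    # Two instances on one host name, separated only by port: cookie is shared.
    print(cookie_sent("http://koha.example/", weak, "http://koha.example:8080/"))
    # Two instances on separate virtual hosts: cookie is not shared.
    print(cookie_sent("http://opac.koha.example/", weak, "http://staff.koha.example/"))
    print(missing_flags(weak))
    # With Secure set, the cookie is withheld from plain-HTTP requests.
    print(cookie_sent("https://koha.example/", hardened, "http://koha.example/"))
```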