]> git.koha-community.org Git - koha.git/commit
Bug 27812: Remove the ability to transmit a patron's plain text password over email
authorKyle M Hall <kyle@bywatersolutions.com>
Fri, 26 Feb 2021 18:16:58 +0000 (13:16 -0500)
committerFridolin Somers <fridolin.somers@biblibre.com>
Thu, 17 Mar 2022 21:22:56 +0000 (11:22 -1000)
commit9d1abe06323b06542570ef45b65eb2c54b1a9976
tree758809612dca3a2962d32f21d58558ead9c72605
parent9b3bad3eeaba2620b64ae6aa7639b7cf6435522a
Bug 27812: Remove the ability to transmit a patron's plain text password over email

We should not give libraries the ability to compromise patron accounts,
it is considered a huge security issue and nobody in network security
would never recommend allowing passwords to be transmitted in clear text
over email.

It should simply not be possible to send a patron's password in plain text
via email. As such, we should remove this ability from Koha.

Test Plan:
1) Apply this patch
2) Create a patron to generate the ACCTDETAILS email
3) Note you can no longer transmit the patron's password in the email

Signed-off-by: Amit Gupta <amitddng135@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
installer/data/mysql/en/mandatory/sample_notices.yml
members/memberentry.pl