Re: [Koha-devel] Security with MySQL and PHP
From: Paul POULAIN
Subject: Re: [Koha-devel] Security with MySQL and PHP
Date: Fri, 02 Mar 2007 15:54:00 +0100
User-agent: Thunderbird 1.5.0.9 (X11/20070111)

Pascale Nalon wrote:
> Hello,
> As RespInfo for my library branch, I often receive mails for security
> warnings (like this: http://www.php-security.org/index.html) on MySQL DB
> and PHP.
> What's your mind about these problems?
> What are the risks with Koha?

Hi Pascale,
First of all, Koha is written in Perl, so PHP bugs don't concern us ;-)
Second: MySQL problems could concern us, but only if MySQL was open to the
rest of the world. Koha is a complete software, and the user doesn't have
any direct access to the database. Only Koha features can be accessed.
Thus, I think our only goal is to have a secured Koha (i.e. no way to
do things without the requested privilege).
A sample of an insecure Koha is given in my Feb 9th mail on this list.
We also have to split the risks into 3 kinds:
- security holes needing a librarian login
- security holes needing a login
- security holes needing no login at all.
Someone will complete if I'm missing something, I'm not a security guru...
--
Paul POULAIN and Henri Damien LAURENT
Independent consultants
in free software and library science (http://www.koha-fr.org)
Tel : 04 91 31 45 19