Cheers, Jonathan. I had totally forgotten about that. Yikes.

 

Good call, Chris. While I think many mail servers these days use TLS to secure 
the email between the mail servers, an unscrupulous administrator could still 
certainly take advantage of people on either end. The best idea probably is to 
just not use AutoEmailOpacUser, as Jonathan seems to suggest. 

 

David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Direct: 02 8005 0595

 

From: Jonathan Druart [mailto:jonathan.dru...@bugs.koha-community.org] 
Sent: Tuesday, 19 June 2018 12:07 AM
To: Christopher Nighswonger <chris.nighswon...@gmail.com>
Cc: David Cook <dc...@prosentient.com.au>; Koha Devel 
<koha-devel@lists.koha-community.org>
Subject: Re: [Koha-devel] Why we do not push the ACCTDETAILS email via message 
queue?

 

It has been reported (by David) on our bug tracker already (20796, security 
area, which no longer makes sense as it is public now...)

 

For information this notice contains the password in clear for... 10 years now 
(bug 2149) and the behavior is turned off by default (AutoEmailOpacUser).

 

 

On Mon, 18 Jun 2018 at 10:11 Christopher Nighswonger 
<chris.nighswon...@gmail.com> wrote:

Considering that email is plaintext (AKA "postcard") mail, I'm surprised we 
would send a user's password in an email in any case.

 

 

On Mon, Jun 18, 2018 at 4:14 AM, David Cook <dc...@prosentient.com.au> wrote:

Considering that the borrower’s password is typically in the ACCTDETAILS email, 
I think using the message_queue for ACCTDETAILS would be a bad idea and would 
probably violate the GDPR in Europe.

 

Just imagine looking through your database and seeing all those plain text 
passwords, especially for people who re-use the same password for everything. I 
think it would be a security and privacy nightmare.

 

David Cook

Systems Librarian

Prosentient Systems

72/330 Wattle St

Ultimo, NSW 2007

Australia

 

Office: 02 9212 0899

Direct: 02 8005 0595

 

From: koha-devel-boun...@lists.koha-community.org 
[mailto:koha-devel-boun...@lists.koha-community.org] On Behalf Of Sophie 
Meynieux
Sent: Friday, 15 June 2018 9:33 PM
To: koha-devel@lists.koha-community.org
Subject: Re: [Koha-devel] Why we do not push the ACCTDETAILS email via message 
queue?

 

Maybe because for this message you're expecting it to be sent immediately, while 
the message_queue table could be processed more occasionally?

Best regards

S. Meynieux

-- 
Support Manager
BibLibre
+ 33 (0)4 91 81 35 08
http://www.biblibre.com

On 15/06/2018 at 12:40, Indranil Das Gupta wrote:

Hi all, 

 

I was wondering why we do not push the ACCTDETAILS email via the message queue.

 

Is it just one of those cases of "as things have always been done" OR there is 
a reason that I'm missing out?

 

cheers

indranil.


Indranil Das Gupta
L2C2 Technologies

Phone : +91-98300-20971
Blog    : http://blog.l2c2.co.in
IRC     : indradg on irc://irc.freenode.net
Twitter : indradg





_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

 

