We could make a list of them. It could be the "libraries who don't care about
their users privacy" list.
I'm only mostly joking
Chris
On June 20, 2018 12:06:52 PM GMT+12:00, David Cook <dc...@prosentient.com.au>
wrote:
>I think that would probably be the best way of going about it, but I’m
>sure there are a lot of libraries that wouldn’t be happy about it.
>
>
>
>David Cook
>
>Systems Librarian
>
>Prosentient Systems
>
>72/330 Wattle St
>
>Ultimo, NSW 2007
>
>Australia
>
>
>
>Office: 02 9212 0899
>
>Direct: 02 8005 0595
>
>
>
>From: koha-devel-boun...@lists.koha-community.org
>[mailto:koha-devel-boun...@lists.koha-community.org] On Behalf Of Liz
>Rea
>Sent: Tuesday, 19 June 2018 12:26 PM
>To: koha-devel@lists.koha-community.org
>Subject: Re: [Koha-devel] Why we do not push the ACCTDETAILS email via
>message queue?
>
>
>
>I feel like instead of sending people a password, we should send them
>to the "forgot password reset page" with a couple of slight changes for
>new account holders, so they can set their own passwords.
>
>Seems better than sending the password in the clear in an email.
>
>Cheers,
>Liz
>
>
>
>On 19/06/18 12:21, David Cook wrote:
>
>Cheers, Jonathan. I had totally forgotten about that. Yikes.
>
>
>
>Good call, Chris. While I think many mail servers these days use TLS to
>secure the email between the mail servers, an unscrupulous
>administrator could still certainly take advantage of people on either
>end. The best idea probably is to just not use AutoEmailOpacUser, as
>Jonathan seems to suggest.
>
>
>
>David Cook
>
>Systems Librarian
>
>Prosentient Systems
>
>72/330 Wattle St
>
>Ultimo, NSW 2007
>
>Australia
>
>
>
>Office: 02 9212 0899
>
>Direct: 02 8005 0595
>
>
>
>From: Jonathan Druart [mailto:jonathan.dru...@bugs.koha-community.org]
>Sent: Tuesday, 19 June 2018 12:07 AM
>To: Christopher Nighswonger <mailto:chris.nighswon...@gmail.com>
><chris.nighswon...@gmail.com>
>Cc: David Cook <mailto:dc...@prosentient.com.au>
><dc...@prosentient.com.au>; Koha Devel
><mailto:koha-devel@lists.koha-community.org>
><koha-devel@lists.koha-community.org>
>Subject: Re: [Koha-devel] Why we do not push the ACCTDETAILS email via
>message queue?
>
>
>
>It has been reported (by David) on our bug tracker already (20796,
>security area, which does no longer make sense at it is public now...)
>
>
>
>For information this notice contains the password in clear for... 10
>years now (bug 2149) and the behavior is turned off by default
>(AutoEmailOpacUser).
>
>
>
>
>
>On Mon, 18 Jun 2018 at 10:11 Christopher Nighswonger
><chris.nighswon...@gmail.com <mailto:chris.nighswon...@gmail.com>
><mailto:chris.nighswon...@gmail.com>
><mailto:chris.nighswon...@gmail.com> > wrote:
>
>Considering that email is plaintext (AKA "postcard") mail, I'm
>surprised we would send a user's password in an email in any case.
>
>
>
>
>
>On Mon, Jun 18, 2018 at 4:14 AM, David Cook <dc...@prosentient.com.au
><mailto:dc...@prosentient.com.au> <mailto:dc...@prosentient.com.au>
><mailto:dc...@prosentient.com.au> > wrote:
>
>Considering that the borrower’s password is typically in the
>ACCTDETAILS email, I think using the message_queue for ACCTDETAILS
>would be a bad idea and would probably violate the GDPR in Europe.
>
>
>
>Just imagine looking through your database and seeing all those plain
>text passwords, especially for people who re-use the same password for
>everything. I think it would be a security and privacy nightmare.
>
>
>
>David Cook
>
>Systems Librarian
>
>Prosentient Systems
>
>72/330 Wattle St
>
>Ultimo, NSW 2007
>
>Australia
>
>
>
>Office: 02 9212 0899 <tel:02%2092%2012%2008%2099>
>
>Direct: 02 8005 0595 <tel:02%2080%2005%2005%2095>
>
>
>
>From: koha-devel-boun...@lists.koha-community.org
><mailto:koha-devel-boun...@lists.koha-community.org>
><mailto:koha-devel-boun...@lists.koha-community.org>
><mailto:koha-devel-boun...@lists.koha-community.org>
>[mailto:koha-devel-boun...@lists.koha-community.org
><mailto:koha-devel-boun...@lists.koha-community.org>
><mailto:koha-devel-boun...@lists.koha-community.org> ] On Behalf Of
>Sophie Meynieux
>Sent: Friday, 15 June 2018 9:33 PM
>To: koha-devel@lists.koha-community.org
><mailto:koha-devel@lists.koha-community.org>
><mailto:koha-devel@lists.koha-community.org>
><mailto:koha-devel@lists.koha-community.org>
>Subject: Re: [Koha-devel] Why we do not push the ACCTDETAILS email via
>message queue?
>
>
>
>Maybe because for this message you're expecting it is sent immediately
>while message_queue table could be processed more occasionally ?
>
>Best regards
>
>S. Meynieux
>
>
>
>
>
>
>
>_______________________________________________
>Koha-devel mailing list
>Koha-devel@lists.koha-community.org
><mailto:Koha-devel@lists.koha-community.org>
>http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>website : http://www.koha-community.org/
>git : http://git.koha-community.org/
>bugs : http://bugs.koha-community.org/
>
>
>
>
>
>--
>--
>Liz Rea
>Catalyst.Net Limited
>Level 6, Catalyst House,
>150 Willis Street, Wellington.
>P.O Box 11053, Manners Street,
>Wellington 6142
>04 803 2265
>
>GPG: B149 A443 6B01 7386 C2C7 F481 B6c2 A49D 3726 38B7
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
