> to assign the superlibrarian permission to a service account "just to get it
> working"

Looks like the equivalent of `sudo chmod -R 777 *` ;)

On Wed, Jan 4, 2023 at 16:11, Galen Charlton <g...@equinoxoli.org> wrote:
>
> Hi,
>
> On Tue, Jan 3, 2023 at 7:58 PM David Cook <dc...@prosentient.com.au> wrote:
> > It seems to me that we should just stop at “Authorization failure”. While it
> > might be helpful for a dev to know what the required permissions are,
> > I think it would also be overly helpful for an attacker to know what
> > permissions are required too, no?
>
> I don't feel strongly about it, but lean towards including the details for
> the sake of anybody trying to use the API. After all, the game is already up
> if the attacker is able to grant additional permissions to the service
> account.
>
> This may be a stretch, but another advantage of including the details is to
> reduce any temptation to assign the superlibrarian permission to a service
> account "just to get it working".
>
> Regards,
>
> Galen
> --
> Galen Charlton
> Implementation and IT Manager
> Equinox Open Library Initiative
> g...@equinoxoli.org
> https://www.equinoxOLI.org
> phone: 877-OPEN-ILS (673-6457)
> direct: 770-709-5581
> _______________________________________________
> Koha-devel mailing list
> Koha-devel@lists.koha-community.org
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : https://www.koha-community.org/
> git : https://git.koha-community.org/
> bugs : https://bugs.koha-community.org/