Besides the security hole I just patched, I think the "Till Reconciliation" report in 3.x has other serious deficiencies, mostly related to simplistic structure underlying fines. If it seems unfamiliar, it should be. I commented it out of the interface just before the 3.0 release when I started to realize the problems with it, but the report script itself was still there. Recently some of our clients found it and started trying to use it. So here's my argument that it should be removed outright.
The branch of the fine payment transaction does not exist in the accountlines table. No provisions to record that information exist. Even if branchcode were recorded it would not be effective as a real P.O.S. reconciliation report, because it wouldn't differentiate between any of the various stations in the same branch. Here's the part I really don't like. In the retail world a "Till Reconciliation" report is used daily to balance out a cash drawer and total up the day's transactions before an evening deposit. This is the type of "evidence" used to fire someone when their register comes up short. The report as it stands, despite appearances, is totally useless for that purpose and should not be attributed any authority at all. Basically, Koha does not have 1-to-1 assurances for the physical location or uniqueness of the remote user, system or branch. Koha does not establish the identity of remote systems, only the remote user. In that sense it is a web application, and not a P.O.S. system. It doesn't care where on the Internet you are, as long as you remember your login. We can have multiple terminals on the same IP, mutliple browsers on the same system, the same system on multiple IPs, the same user on multiple sessions, etc. In short, we don't know what "till" any payment went to, and as it stands we don't even know what branch. IP level filtering can be used to restrict access to known networks, but that is not tracked by any internal logic. Adding the branch and operator to fine transactions, and outputting it is relatively modest refinement compared to making that data verifiable. None of the fines enhancement LibLime is currently discussing include establishing the remote system identity in a truly auditable way (like, say, client-side certificates). Please keep in mind I support the idea/workflow of this report, I just think that we cannot allow the current implementation to be mistaken for valid. Any complaints about removing it until fines is overhauled, comments or considerations? --Joe Atzberger, LibLime
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha.org http://lists.koha.org/mailman/listinfo/koha-devel
