Differences

This shows you the differences between two versions of the page.

--- administration:security [2022/10/18 17:03] – [Securing User Credentials] demiankatz
+++ administration:security [2022/10/18 17:04] – [Securing User Credentials] demiankatz
@@ Line 79: / Line 79: @@
 VuFind stores some user information in its database.  Starting with VuFind 2.0RC1, you have the option to perform extra hashing/encryption to protect these credentials.  The settings are off by default in [[configuration:files:config.ini]], but they can be enabled through VuFind's auto-configuration pages.  Enabling security is highly recommended.
-When using some [[configuration:authentication]] options, you have the ability to pre-populate user ILS credentials in the database. In some scenarios, it is possible to configure ILS drivers to look up users based only on usernames or other "public knowledge" fields. In these cases, you should disable direct user login using the allowUserLogin setting in the [Catalog] section of [[configuration:files:config.ini]] to eliminate the possibility of users attempting to impersonate one another.
+When using some [[configuration:authentication]] options, you have the ability to pre-populate user ILS credentials in the database. In some scenarios, it is possible to configure ILS drivers to look up users based only on usernames or other "public knowledge" fields. In these cases, you should disable direct user login using the allowUserLogin setting in the [Catalog] section of [[configuration:files:config.ini]] to eliminate the possibility of users attempting to impersonate one another. This setting was introduced in VuFind 9.0.
 ===== Using a Content Security Policy =====