biblibre / hea-ws
Hea Web Service
Home Page: https://gitlab.com/koha-community/hea-ws
@PaulPoulain hi !
I started to look at the code of hea, and from my limited understanding of it, it seems that the library-id could be enumerated too easily.
When a library posts data for the first time, it doesn't provide a library-id, and hea-ws generates a new one, which is returned to the library.
But the algorithm used for the library-id is poorly randomized: it is the hash of:
A better random id should be generated, for example using a third-party library like Data::Entropy, Crypt::Random, Math::Random::Secure, or Math::TrulyRandom. The size of the random part should be big enough to discard any enumeration possibility (128 bits of entropy for example). The size of the id itself will be the same as it is hashed.
The problem with enumeration is that it could compromise the quality of data on hea: any person that can guess the library-id could delete and replace the values of a library. Please note that it doesn't protect against new "bad" data.
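
The proposal in the issue above, sketched as an added example (not code from hea-ws or from the issue author): a library-id derived from 128 bits read from the kernel CSPRNG and then hashed. It assumes a Unix-like host with `/dev/urandom`, uses core modules only instead of the CPAN modules named in the issue, and picks SHA-256 as the hash because the page does not say which hash hea-ws uses; `random_bytes`, `new_library_id` and `allocate_library_id` are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Read exactly $n bytes from the kernel CSPRNG.
# Dies on failure instead of falling back to Perl's predictable rand().
sub random_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = read($fh, $buf, $n - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return $buf;
}

# 16 bytes = 128 bits of entropy. Hashing keeps the id in a fixed-length
# hex format; SHA-256 is an assumption, not the hash hea-ws uses.
sub new_library_id {
    return sha256_hex(random_bytes(16));
}

# Hypothetical allocation step: $exists is a code ref that returns true
# when an id is already stored. A collision is not expected in practice;
# the retry only keeps a duplicate from overwriting another library.
sub allocate_library_id {
    my ($exists) = @_;
    for my $attempt (1 .. 5) {
        my $id = new_library_id();
        return $id unless $exists->($id);
    }
    die "could not allocate a unique library-id";
}

# Constructed in-memory stand-in for the hea-ws data store.
my %store;
for my $n (1 .. 3) {
    my $id = allocate_library_id(sub { exists $store{ $_[0] } });
    $store{$id} = 1;
    print "$id\n";
}
```

None of the id's input comes from the clock, a counter or request data, so one issued id reveals nothing about the others.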