|
|
|
[
Permlink
| « Hide
]
Martin Dougiamas - 26/Sep/07 11:16 AM
I don't think we can change the URL but we should definitely have more warnings there to alert people of the security implications if they bookmark it, use download accelerators etc
Hello:
* The keys are not visible by default on that form * the keys may be disabled completely by configuration option * there is an IP restriction for each key * the date field limits the usability of the key * keys are defined per course/user only - key can be used to get access to grades of that course only I would recommend to not use the keys if security is a problem. On the other hand we might add special capability for creating of grade import/export keys, so that admins have a way to limit who can use this feature and not just turn it off for everybody. I have added:
* new permissions to control the publishing - admin by default only * default iprestriction and 7 days validity - just in case somebody just clicks to create a new key Clearing the security flag so that anybody can read this issue - I hope somebody will write a good help page soon, the main emphasis should be IMO on ip restrictions.
closing, the ip restriction prevents against this problem, the default settings should not encourage bad practices.
thanks very much for the valuable input! please reopen if needed |
||||||||||||||||||||||||||||||||||||||||||||