History | Log In     View a printable version of the current page.  
   HOME       BROWSE PROJECT       FIND ISSUES   
    QUICK SEARCH:  
We are currently focused especially on Moodle 2.0, Moodle 1.9.x bugs and Moodle 1.9.x testing.    Confused? Lost? Please read this introduction to the Tracker.
Issue Details (XML | Word | Printable)

Key: MDL-11451
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Minor Minor
Assignee: Petr Škoda
Reporter: Francois Marier
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Moodle

Exporting grades with a key may accidently publish the URL

Created: 26/Sep/07 11:02 AM   Updated: 27/Sep/07 04:51 PM
Component/s: Gradebook
Affects Version/s: 1.9
Fix Version/s: 1.9

Participants: Francois Marier, Martin Dougiamas and Petr Škoda
Security Level: None


 Description  « Hide
At the New Zealand Moodle Moot, Martin demonstrated a way to publish grades using a special URL which contains a secret key encoded in it. Giving the URL to other people gives them access to the grades.

Since grades are quite sensitive, it becomes a security problem when they are exposed accidently to third parties.

Here are two scenarios where this URL could become public:

1- The user bookmarks it and is using a community bookmarking system like del.icio.us Other users of that system may now find it, but Google can also index it.

2- Windows users sometime have "download accelerators" which report to a central server what URLs people are downloading. There have been cases where these URLs are then shared with the public, for example in "top 10" lists or "current downloads".

Therefore, I think the potential for users unknowingly sharing their grades is real.

One way, this could be mitigated is to split this into two pieces of information:
- a secret key
- a page where the user goes and where they need to enter the secret key and press submit.

 All   Comments   Change History   Version Control      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Martin Dougiamas - 26/Sep/07 11:16 AM
I don't think we can change the URL but we should definitely have more warnings there to alert people of the security implications if they bookmark it, use download accelerators etc

[ Permlink | « Hide ]
Petr Škoda - 26/Sep/07 04:38 PM
Hello:
* The keys are not visible by default on that form
* the keys may be disabled completely by configuration option
* there is an IP restriction for each key
* the date field limits the usability of the key
* keys are defined per course/user only - key can be used to get access to grades of that course only

I would recommend to not use the keys if security is a problem.

On the other hand we might add special capability for creating of grade import/export keys, so that admins have a way to limit who can use this feature and not just turn it off for everybody.

[ Permlink | « Hide ]
Petr Škoda - 27/Sep/07 03:10 PM
I have added:
* new permissions to control the publishing - admin by default only
* default iprestriction and 7 days validity - just in case somebody just clicks to create a new key

[ Permlink | « Hide ]
Petr Škoda - 27/Sep/07 03:11 PM
Clearing the security flag so that anybody can read this issue - I hope somebody will write a good help page soon, the main emphasis should be IMO on ip restrictions.

[ Permlink | « Hide ]
Petr Škoda - 27/Sep/07 04:51 PM
closing, the ip restriction prevents against this problem, the default settings should not encourage bad practices.
thanks very much for the valuable input!

please reopen if needed


Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.12.1-#299) - Bug/feature request - Atlassian news - Contact Administrators


moodlelogo