[#MDL-11451] Exporting grades with a key may accidently publish the URL

Issue Details (XML | Word | Printable)

Key:	MDL-11451
Type:	Bug
Status:	Resolved
Resolution:	Fixed
Priority:	Minor
Assignee:	Petr Skoda
Reporter:	Francois Marier
Votes:	0
Watchers:	0

Operations

Add/Edit UI Mockup to this issue

If you were logged in you would be able to see more operations.

Moodle

Exporting grades with a key may accidently publish the URL

Created: 26/Sep/07 11:02 AM Updated: 27/Sep/07 04:51 PM

Return to search

Component/s:

Gradebook

Affects Version/s:

1.9

Fix Version/s:

1.9

Participants:	Francois Marier, Martin Dougiamas and Petr Skoda
Security Level:	None
Resolved date:	27/Sep/07
Affected Branches:	MOODLE_19_STABLE
Fixed Branches:	MOODLE_19_STABLE

Description

« Hide

At the New Zealand Moodle Moot, Martin demonstrated a way to publish grades using a special URL which contains a secret key encoded in it. Giving the URL to other people gives them access to the grades.

Since grades are quite sensitive, it becomes a security problem when they are exposed accidently to third parties.

Here are two scenarios where this URL could become public:

1- The user bookmarks it and is using a community bookmarking system like del.icio.us Other users of that system may now find it, but Google can also index it.

2- Windows users sometime have "download accelerators" which report to a central server what URLs people are downloading. There have been cases where these URLs are then shared with the public, for example in "top 10" lists or "current downloads".

Therefore, I think the potential for users unknowingly sharing their grades is real.

One way, this could be mitigated is to split this into two pieces of information:
- a secret key
- a page where the user goes and where they need to enter the secret key and press submit.

All

Comments

Change History

Version Control

Sort Order:

[ Permalink | « Hide ]

Martin Dougiamas added a comment - 26/Sep/07 11:16 AM

I don't think we can change the URL but we should definitely have more warnings there to alert people of the security implications if they bookmark it, use download accelerators etc

[ Permalink | « Hide ]

Petr Skoda added a comment - 26/Sep/07 04:38 PM

Hello:

The keys are not visible by default on that form
the keys may be disabled completely by configuration option
there is an IP restriction for each key
the date field limits the usability of the key
keys are defined per course/user only - key can be used to get access to grades of that course only

I would recommend to not use the keys if security is a problem.

On the other hand we might add special capability for creating of grade import/export keys, so that admins have a way to limit who can use this feature and not just turn it off for everybody.

Yu Zhang made changes - 27/Sep/07 10:04 AM

Field	Original Value	New Value
Assignee	Yu Zhang [ lazyfish ]	Petr Skoda [ skodak ]

Petr Skoda committed 27 files to 'Moodle CVS' - 27/Sep/07 02:51 PM

~~MDL-11451~~ grade publishing security/privacy improved - new capabilities needed for publishing, by default allowed only for admins; added warning to publishing option

MODIFY	grade/export/xml/version.php	Rev. 1.3	(+2 -2 lines)
MODIFY	grade/import/xml/db/access.php	Rev. 1.2	(+9 -1 lines)
MODIFY	grade/export/xml/index.php	Rev. 1.32	(+5 -1 lines)
MODIFY	grade/export/xml/dump.php	Rev. 1.3	(+7 -1 lines)
MODIFY	grade/export/ods/index.php	Rev. 1.26	(+5 -1 lines)
MODIFY	grade/export/xls/dump.php	Rev. 1.3	(+6 -0 lines)
MODIFY	lang/en_utf8/gradeexport_xml.php	Rev. 1.4	(+2 -1 lines)
MODIFY	lang/en_utf8/gradeexport_txt.php	Rev. 1.4	(+2 -1 lines)
MODIFY	lang/en_utf8/grades.php	Rev. 1.105	(+2 -2 lines)
MODIFY	grade/export/xml/db/access.php	Rev. 1.2	(+11 -1 lines)
MODIFY	grade/export/txt/dump.php	Rev. 1.3	(+6 -0 lines)
MODIFY	lang/en_utf8/Attic/gradeexport_csv.php	Rev. 1.4	(+2 -1 lines)
MODIFY	lang/en_utf8/gradeexport_xls.php	Rev. 1.4	(+2 -1 lines)
MODIFY	grade/import/xml/fetch.php	Rev. 1.2	(+7 -1 lines)
MODIFY	lang/en_utf8/gradeexport_ods.php	Rev. 1.4	(+2 -1 lines)
MODIFY	grade/export/ods/dump.php	Rev. 1.3	(+7 -1 lines)
MODIFY	grade/export/txt/version.php	Rev. 1.4	(+2 -2 lines)
MODIFY	grade/export/ods/version.php	Rev. 1.3	(+2 -2 lines)
MODIFY	grade/export/txt/index.php	Rev. 1.30	(+5 -1 lines)
MODIFY	grade/export/ods/db/access.php	Rev. 1.2	(+11 -1 lines)
MODIFY	lang/en_utf8/gradeimport_xml.php	Rev. 1.5	(+2 -1 lines)
MODIFY	grade/import/xml/index.php	Rev. 1.20	(+5 -1 lines)
MODIFY	grade/import/xml/version.php	Rev. 1.4	(+2 -2 lines)
MODIFY	grade/export/xls/db/access.php	Rev. 1.2	(+11 -1 lines)
MODIFY	grade/export/xls/index.php	Rev. 1.25	(+5 -1 lines)
MODIFY	grade/export/txt/db/access.php	Rev. 1.2	(+11 -1 lines)
MODIFY	grade/export/xls/version.php	Rev. 1.3	(+2 -2 lines)

Petr Skoda committed 5 files to 'Moodle CVS' - 27/Sep/07 02:56 PM

~~MDL-11451~~ fixing silly typo in cap name

MODIFY	grade/import/xml/fetch.php	Rev. 1.3	(+2 -2 lines)
MODIFY	grade/export/xml/dump.php	Rev. 1.4	(+2 -2 lines)
MODIFY	grade/export/txt/dump.php	Rev. 1.4	(+2 -2 lines)
MODIFY	grade/export/xls/dump.php	Rev. 1.4	(+2 -2 lines)
MODIFY	grade/export/ods/dump.php	Rev. 1.4	(+2 -2 lines)

Petr Skoda committed 2 files to 'Moodle CVS' - 27/Sep/07 03:06 PM

~~MDL-11451~~ adding default ipaddress restriction and 7 days lifetime for user key

MODIFY	grade/import/xml/grade_import_form.php		Rev. 1.3		(+3 -1 lines)
MODIFY	grade/export/grade_export_form.php		Rev. 1.24		(+4 -1 lines)

[ Permalink | « Hide ]

Petr Skoda added a comment - 27/Sep/07 03:10 PM

I have added:

new permissions to control the publishing - admin by default only
default iprestriction and 7 days validity - just in case somebody just clicks to create a new key

Petr Skoda made changes - 27/Sep/07 03:10 PM

Security

Possible security issue [ 10002 ]

[ Permalink | « Hide ]

Petr Skoda added a comment - 27/Sep/07 03:11 PM

Clearing the security flag so that anybody can read this issue - I hope somebody will write a good help page soon, the main emphasis should be IMO on ip restrictions.

[ Permalink | « Hide ]

Petr Skoda added a comment - 27/Sep/07 04:51 PM

closing, the ip restriction prevents against this problem, the default settings should not encourage bad practices.
thanks very much for the valuable input!

please reopen if needed

Petr Skoda made changes - 27/Sep/07 04:51 PM

Status	Open [ 1 ]	Resolved [ 5 ]
Fix Version/s		1.9 [ 10190 ]
Resolution		Fixed [ 1 ]

Mitsuhiro Yoshida committed 6 files to 'Lang CVS' - 28/Sep/07 12:13 AM

Translated new strings for grade publishing ~~MDL-11451~~.

MODIFY	ja_utf8/gradeimport_xml.php	Rev. 1.5	(+1 -0 lines)
MODIFY	ja_utf8/gradeexport_ods.php	Rev. 1.4	(+2 -1 lines)
MODIFY	ja_utf8/gradeexport_xml.php	Rev. 1.4	(+2 -1 lines)
MODIFY	ja_utf8/gradeexport_xls.php	Rev. 1.4	(+2 -1 lines)
MODIFY	ja_utf8/Attic/gradeexport_csv.php	Rev. 1.4	(+2 -1 lines)
MODIFY	ja_utf8/gradeexport_txt.php	Rev. 1.4	(+2 -1 lines)

Mitsuhiro Yoshida committed 1 file to 'Lang CVS' - 28/Sep/07 01:23 AM

Updated a translated string for grade publishing based on lang/en_utf8 change ~~MDL-11451~~.

MODIFY

ja_utf8/grades.php

Rev. 1.77

(+2 -2 lines)

martignoni committed 1 file to 'Lang CVS' - 29/Sep/07 04:30 AM

~~MDL-11451~~ grade publishing security/privacy improved, first part

MODIFY

fr_utf8/Attic/gradeexport_csv.php

Rev. 1.4

(+3 -2 lines)

martignoni committed 5 files to 'Lang CVS' - 29/Sep/07 08:38 PM

~~MDL-11451~~ grade publishing security/privacy improved - new capabilities needed for publishing, second part

MODIFY	fr_utf8/gradeexport_xml.php	Rev. 1.4	(+2 -1 lines)
MODIFY	fr_utf8/gradeimport_xml.php	Rev. 1.5	(+2 -2 lines)
MODIFY	fr_utf8/gradeexport_txt.php	Rev. 1.4	(+2 -1 lines)
MODIFY	fr_utf8/gradeexport_ods.php	Rev. 1.4	(+2 -1 lines)
MODIFY	fr_utf8/gradeexport_xls.php	Rev. 1.4	(+2 -1 lines)

martignoni committed 1 file to 'Lang CVS' - 29/Sep/07 09:02 PM

~~MDL-11451~~ grade publishing security/privacy improved - new capabilities needed for publishing (end)

MODIFY

fr_utf8/grades.php

Rev. 1.112

(+2 -2 lines)

All content on this web site is made available under the GNU General Public License, unless otherwise stated.