Moodle

META: Security overview report STABLE

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Minor Minor
  • Resolution: Won't Fix
  • Affects Version/s: 1.9.3
  • Fix Version/s: None
  • Component/s: Administration
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE

Issue Links

This issue has a non-specific relationship to:
MDL-18254 META: Security overview report 2.0 Minor Open
This issue has been marked as being related by:
MDL-17222 Security overview report Minor Closed
Progress
Resolved Sub-Tasks Unresolved Sub-Tasks

Sub-Tasks

1.
 Missing admin/roles/define.php in 1.9.3 weekly Sub-task Closed Closed moodle.com
 
2.
 Missing admin/roles/define.php in 1.9.3 weekly Sub-task Closed Closed Tim Hunt
 
3.
 Security Report erroneous Critical warning on Windows System for default role Sub-task Closed Closed Petr Škoda (skodak)
 
4. Misleading message "Unsupported XXX role assignments" Sub-task Reopened Reopened moodle.com
 
5.
 Thousands of users that must be trustable on Security Report Sub-task Closed Closed Petr Škoda (skodak)
 
6.
 slow loading and lack of progress indication Sub-task Closed Closed Petr Škoda (skodak)
 
7.
 more information needed for unsupported role assignments Sub-task Closed Closed Petr Škoda (skodak)
 
8.
 In Security report misleading 'Site Default Course Role' Sub-task Closed Closed Petr Škoda (skodak)
 
9.
 security overview report not working Sub-task Closed Closed Petr Škoda (skodak)
 
10.
 XSS test in security overview report does not check both parent and child contexts Sub-task Closed Closed Petr Škoda (skodak)
 
11.
 Language dependent check should be reviewed Sub-task Closed Closed Petr Škoda (skodak)
 
12.
 Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report Sub-task Closed Closed Petr Škoda (skodak)
 
13.
 Solution for warning "writable config.php" in Windows server Sub-task Closed Closed Helen Foster
 
14.
 'Email change confirmation' check is misleading Sub-task Closed Closed Petr Škoda (skodak)
 
15.
 Admins with no clue when "Incorrectly defined default course roles detected!" Sub-task Closed Closed Petr Škoda (skodak)
 
16.
 Hard to find "unsupported role assignment" Sub-task Closed Closed Petr Škoda (skodak)
 
17.
 Rename 'Registered user role' in security overview Sub-task Closed Closed Petr Škoda (skodak)
 
18. Improve security overview report navigation Sub-task Open Open moodle.com
 
19.
 Report always find 1 server Admin Sub-task Closed Closed Petr Škoda (skodak)
 
20. misalignment from Moodle development coding guidelines, alert Sub-task Open Open moodle.com
 

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Andrea Bicciolo added a comment -

In the process of reviewing the Security Report, which is improved form 1.9.3+ to 1.9.4, I noticed from the report is missing the check about "Cron execution from command line only".

Although cron execution via web may not damage sites, it could be used to create excess cpu load, thus slowing down the server. Could be useful an info level in the report?

Show
Andrea Bicciolo added a comment - In the process of reviewing the Security Report, which is improved form 1.9.3+ to 1.9.4, I noticed from the report is missing the check about "Cron execution from command line only". Although cron execution via web may not damage sites, it could be used to create excess cpu load, thus slowing down the server. Could be useful an info level in the report?
Hide
Permalink
Eloy Lafuente (stronk7) added a comment -

Good idea. +1 here

Show
Eloy Lafuente (stronk7) added a comment - Good idea. +1 here
Hide
Permalink
Martin Dougiamas added a comment -

We really need to port this back to 1.8.9 as well.

Show
Martin Dougiamas added a comment - We really need to port this back to 1.8.9 as well.
Hide
Permalink
Petr Škoda (skodak) added a comment -

bacported into MOODLE_18_STABLE - the admin and XSS risks could not be backported, because the sql code relies on context.path which is not available in < 1.9.0

Show
Petr Škoda (skodak) added a comment - bacported into MOODLE_18_STABLE - the admin and XSS risks could not be backported, because the sql code relies on context.path which is not available in < 1.9.0
Hide
Permalink
Frank Ralf added a comment -

We had a discussion over at http://moodle.org/mod/forum/discuss.php?d=123189#p540218 whether one could borrow something along those lines from Drupal (admittedly I haven't tried this security report yet).

Show
Frank Ralf added a comment - We had a discussion over at http://moodle.org/mod/forum/discuss.php?d=123189#p540218 whether one could borrow something along those lines from Drupal (admittedly I haven't tried this security report yet).
Hide
Permalink
Michael de Raadt added a comment -

Thanks for reporting this issue.

We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported.

If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

Michael d;

lqjjLKA0p6

Show
Michael de Raadt added a comment - Thanks for reporting this issue. We have detected that this issue has been inactive for over a year has been recorded as affecting versions that are no longer supported. If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed. Michael d; lqjjLKA0p6
Hide
Permalink
Michael de Raadt added a comment -

I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.

Show
Michael de Raadt added a comment - I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.