Moodle

Provide feedback for the admin in order to explain to him/her what to do to fix the security problem raised by the security report

Details

  • Type: Sub-task
  • Status: Closed
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: 1.9.4
  • Fix Version/s: 1.9.5
  • Component/s: Administration
  • Labels:
    None
  • Affected Branches:
    MOODLE_19_STABLE
  • Fixed Branches:
    MOODLE_19_STABLE

Description

For instance: "Your config.php is not read only" (or something like that)
Fine.... what am I supposed to do in order to fix this problem?

I would like to read something like "According to http://doc.moodle.org/... change file permission to... and be sure the owner of the file is... For further information, please read http://doc.moodle.org/..."

Activity

Eloy Lafuente (stronk7) added a comment -

Assigning to Petr.

Kenneth Newquist added a comment -

Relating to this, I'd like to see the Security Report provide specific information about what is triggering a given warning or alert.

For example flagging "Registered user role" as critical and noting that the role is incorrectly defined is good. But drilling down doesn't explain the specific capabilities that are triggering this misconfiguration error; instead there is a fairly generic "Risky capabilities detected in context." message, with a link to the Roles Details page.

I'd like to see the "details" of the security warnings page print a list of what capabilities are causing the risky assessment as well as the recommended setting to resolve the issue. It would make it easier to review and would clearly spell out what the problem areas were.

Yes, this information is available by browsing through the roles capabilities page, but that's a lengthy page with a heck of a lot of options on it. It's all too easy to miss a problem capability when trying to troubleshoot this.

Petr Škoda (skodak) added a comment -

yes, I agree the more details the better.

Petr Škoda (skodak) added a comment -

I have added links to docs pages from detailed report pages

Helen Foster added a comment -

Daniele, thanks for reporting this issue, and Kenneth, thanks for your comments.

Each issue page in the security overview report now has a corresponding page in Moodle Docs ready for further information to be added. See http://docs.moodle.org/en/Security_overview for the list of links.

Everyone, please help in editing these pages and adding further information / links to helpful forum discussions etc.

Petr Škoda (skodak) added a comment -

docs links present, closing bug, thanks for the report

Daniele Cordella added a comment -

Thanks Petr and Helen!


Dates

  • Created:
    Updated:
    Resolved: