Issue Details (XML | Word | Printable)

Key: MDL-18078
Type: Sub-task Sub-task
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Petr Skoda
Reporter: Daniele Cordella
Votes: 2
Watchers: 2
Operations

Add/Edit UI Mockup to this issue
If you were logged in you would be able to see more operations.
Moodle
MDL-18039

Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report

Created: 29/Jan/09 07:28 PM   Updated: 06/May/09 07:47 PM
Return to search
Component/s: Administration
Affects Version/s: 1.9.4
Fix Version/s: 1.9.5

Participants: Daniele Cordella, Eloy Lafuente (stronk7), Helen Foster, Kenneth Newquist and Petr Skoda
Security Level: None
Resolved date: 06/May/09
Affected Branches: MOODLE_19_STABLE
Fixed Branches: MOODLE_19_STABLE


 Description  « Hide
For instance: "Your config.php is not read only" (or something like)
Fine.... what am I supposed to do in order to fix this problem?

I would like to read something like "According to http://doc.moodle.org/... change file permission to... and be sure the owner of the file is... For further information, please read http://doc.moodle.org/..."

 All   Comments   Change History   Version Control      Sort Order: Ascending order - Click to sort in descending order
Daniele Cordella made changes - 29/Jan/09 07:42 PM
Field Original Value New Value
Summary Provide a feedback for the admin in order to explain him/her what to do in order to fix the security problem rised up by the security report Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report
Eloy Lafuente (stronk7) made changes - 30/Jan/09 07:02 PM
Assignee moodle.com [ moodle.com ] Petr ?koda [ skodak ]
[ Permalink | « Hide ]
Eloy Lafuente (stronk7) added a comment - 30/Jan/09 07:02 PM
Assigning to Petr.

[ Permalink | « Hide ]
Kenneth Newquist added a comment - 06/Feb/09 02:51 AM
Relating to this, I'd like to see the the Security Report provide specific information about what is triggering a given warning or alert.

For example flagging "Registered user role" as critical and noting that the role is incorrectly defined is good. But drilling down doesn't explain the specific capabilities that are triggering this misconfiguration error; instead there is a fairly generic "Risky capabilities detected in context." message, with a link to the Roles Details page.

I'd like to see the "details" of the security warnings page print a list of what capabilities are causing the risky assessment as well as the recommended setting to resolve the issue. It would make it easier to review and would clearly spell out what the problem areas where.

Yes, this information is available by browsing through the roles capabilities page, but that's a lengthy page with a heck of a lot of options on it. It's all too easy to miss a problem capability when trying to trouble shoot this


[ Permalink | « Hide ]
Petr Skoda added a comment - 06/Feb/09 03:47 AM
yes, I agree the more details the better.

Petr Skoda made changes - 06/Feb/09 03:47 AM
Fix Version/s 1.9.5 [ 10320 ]
Petr Skoda committed 2 files to 'Moodle CVS' on branch 'MOODLE_19_STABLE' - 15/Feb/09 06:45 PM
MDL-18078 adding docs links from detailed security overview report
MODIFY admin/report/security/index.php   Rev. 1.2.2.5    (+2 -2 lines)
MODIFY admin/report/security/lib.php   Rev. 1.3.2.8    (+16 -1 lines)
Petr Skoda committed 2 files to 'Moodle CVS' - 15/Feb/09 06:45 PM
MDL-18078 adding docs links from detailed security overview report; merged from MOODLE_19_STABLE
MODIFY admin/report/security/index.php   Rev. 1.5    (+2 -2 lines)
MODIFY admin/report/security/lib.php   Rev. 1.8    (+16 -1 lines)
[ Permalink | « Hide ]
Petr Skoda added a comment - 15/Feb/09 06:46 PM
I have added links to docs pages from detailed report pages

Martin Dougiamas made changes - 16/Feb/09 02:23 PM
Priority Minor [ 4 ] Major [ 3 ]
[ Permalink | « Hide ]
Helen Foster added a comment - 17/Feb/09 12:05 AM
Daniele, thanks for reporting this issue, and Kenneth, thanks for your comments.

Each issue page in the security overview report now has a corresponding page in Moodle Docs ready for further information to be added. See http://docs.moodle.org/en/Security_overview for the list of links.

Everyone, please help in editing these pages and adding further information / links to helpful forum discussions etc.


[ Permalink | « Hide ]
Petr Skoda added a comment - 06/May/09 05:37 PM
docs links present, closing bug, thanks for the report

Petr Skoda made changes - 06/May/09 05:37 PM
Status Open [ 1 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
[ Permalink | « Hide ]
Daniele Cordella added a comment - 06/May/09 07:47 PM
Thanks Petr and Helen!


Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.5-#360) - Bug/feature request - Atlassian news - Contact Administrators