Moodle / MDL-11451

Exporting grades with a key may accidentally publish the URL

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9
    • Fix Version/s: 1.9
    • Component/s: Gradebook
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE
    • Rank:
      28524

      Description

      At the New Zealand Moodle Moot, Martin demonstrated a way to publish grades using a special URL which contains a secret key encoded in it. Giving the URL to other people gives them access to the grades.

      Since grades are quite sensitive, it becomes a security problem when they are exposed accidentally to third parties.

      Here are two scenarios where this URL could become public:

      1- The user bookmarks it and is using a community bookmarking system like del.icio.us. Other users of that system may now find it, but Google can also index it.

      2- Windows users sometimes have "download accelerators" which report to a central server what URLs people are downloading. There have been cases where these URLs are then shared with the public, for example in "top 10" lists or "current downloads".

      Therefore, I think the potential for users unknowingly sharing their grades is real.

      One way this could be mitigated is to split this into two pieces of information:

      • a secret key
      • a page where the user goes and where they need to enter the secret key and press submit.

        Activity

        Martin Dougiamas added a comment -

        I don't think we can change the URL, but we should definitely have more warnings there to alert people of the security implications if they bookmark it, use download accelerators, etc.

        Petr Škoda added a comment -

        Hello:

        • The keys are not visible by default on that form
        • the keys may be disabled completely by configuration option
        • there is an IP restriction for each key
        • the date field limits the usability of the key
        • keys are defined per course/user only - key can be used to get access to grades of that course only

        I would recommend to not use the keys if security is a problem.

        On the other hand we might add special capability for creating of grade import/export keys, so that admins have a way to limit who can use this feature and not just turn it off for everybody.

        Petr Škoda added a comment -

        I have added:

        • new permissions to control the publishing - admin by default only
        • default iprestriction and 7 days validity - just in case somebody just clicks to create a new key
        Petr Škoda added a comment -

        Clearing the security flag so that anybody can read this issue - I hope somebody will write a good help page soon, the main emphasis should be IMO on IP restrictions.

        Petr Škoda added a comment -

        Closing: the IP restriction prevents this problem, and the default settings should not encourage bad practices.
        Thanks very much for the valuable input!

        Please reopen if needed.
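
The restrictions discussed in this thread (per-course/user scope, a validity date, an IP restriction, and restrictive defaults for a newly created key), sketched as an added Python example. This is not Moodle's code: the `ExportKey` record, the function names and the choice to pin a new key to its creator's address are assumptions made for illustration.

```python
import hmac
import ipaddress
import secrets
from dataclasses import dataclass

SEVEN_DAYS = 7 * 24 * 3600  # default validity mentioned in the thread


@dataclass
class ExportKey:            # hypothetical record, not Moodle's schema
    value: str
    user_id: int
    course_id: int
    ip_restriction: str     # comma-separated addresses or CIDR ranges; "" = none
    valid_until: int        # Unix time; 0 = never expires


def new_key(user_id, course_id, creator_ip, now):
    """Create a key with restrictive defaults (assumption: pin to creator's IP)."""
    return ExportKey(secrets.token_hex(16), user_id, course_id,
                     creator_ip, now + SEVEN_DAYS)


def ip_allowed(client_ip, restriction):
    """True if client_ip matches any entry of the restriction list."""
    if not restriction.strip():
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(part.strip(), strict=False)
               for part in restriction.split(",") if part.strip())


def check_key(key, presented, course_id, client_ip, now):
    """Return (allowed, reason) for one export request carrying a key."""
    # Constant-time comparison so the key cannot be guessed byte by byte.
    if not hmac.compare_digest(key.value.encode(), presented.encode()):
        return False, "bad key"
    if key.course_id != course_id:
        return False, "wrong course"
    if key.valid_until and now > key.valid_until:
        return False, "expired"
    if not ip_allowed(client_ip, key.ip_restriction):
        return False, "ip not allowed"
    return True, "ok"
```

With these defaults, a URL that ends up in a public bookmark list or a download-accelerator report is refused when requested from any other address, and from every address once the validity period has passed.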
