Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16108

Enrollment key in course settings uses password field but Moodle then doesn't treat it with the care a password deserves

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8, 1.9
    • Fix Version/s: 1.8.7, 1.9.3
    • Component/s: Course
    • Labels:
      None
    • Affected Branches:
      MOODLE_18_STABLE, MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_18_STABLE, MOODLE_19_STABLE

      Description

      This is the problem as we saw it....

      1. Firefox "accidentally" filled in the enrolment key field with some personal information. The teacher didn't know because it just filled with stars
      2. They saved it
      3. Another teacher came along and hit 'unmask' and their personal information was revealed

      Some thoughts...

      • If this really is a password then it must be saved as a hash and should not be recoverable
      • The form could have "autocomplete=off" added to suppress browser filling in the field

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              howardsmiller Howard Miller
              Tester:
              Tim Hunt
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Oct/08