Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16458

Remove support for old-style config.html files in authentication plugins

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 2.0, 2.7.11, 2.8.1, 3.0, 3.2
    • Fix Version/s: None
    • Labels:
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_30_STABLE, MOODLE_32_STABLE

      Description

      config.html files were removed from all the plugin types back in Moodle 2 but the authentication plugins were missed. Occasionally we get reports in the tracker (usually from people running the Acunetix automated security checking tool) claiming that we have a source code disclosure vulnerability because of these files - they don't present a real security risk as all Moodle code is available due to the nature of open source and they do not disclose any private information. But... it is some pretty average code and one day it might be nice to get rid of it!

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                stronk7 Eloy Lafuente (stronk7)
                Reporter:
                timhunt Tim Hunt
                Participants:
                Component watchers:
                Andrew Nicols, Mathew May, Michael Hawkins, Shamim Rezaie, Simey Lameze, Jake Dallimore, Jun Pataleta
              • Votes:
                2 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: