Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16458

Remove support for old-style config.html files in authentication plugins

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 2.0, 2.7.11, 2.8.1, 3.0, 3.2
    • None
    • MOODLE_20_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_30_STABLE, MOODLE_32_STABLE

    Description

      config.html files were removed from all the plugin types back in Moodle 2 but the authentication plugins were missed. Occasionally we get reports in the tracker (usually from people running the Acunetix automated security checking tool) claiming that we have a source code disclosure vulnerability because of these files - they don't present a real security risk as all Moodle code is available due to the nature of open source and they do not disclose any private information. But... it is some pretty average code and one day it might be nice to get rid of it!

      Attachments

        Issue Links

          Activity

            People

              stronk7 Eloy Lafuente (stronk7)
              timhunt Tim Hunt
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: