Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-16458

Remove support for old-style config.html files in authentication plugins

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 2.0, 2.7.11, 2.8.1, 3.0, 3.2
    • Fix Version/s: None
    • Labels:
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_27_STABLE, MOODLE_28_STABLE, MOODLE_30_STABLE, MOODLE_32_STABLE

      Description

      config.html files were removed from all the plugin types back in Moodle 2 but the authentication plugins were missed. Occasionally we get reports in the tracker (usually from people running the Acunetix automated security checking tool) claiming that we have a source code disclosure vulnerability because of these files - they don't present a real security risk as all Moodle code is available due to the nature of open source and they do not disclose any private information. But... it is some pretty average code and one day it might be nice to get rid of it!

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              stronk7 Eloy Lafuente (stronk7)
              Reporter:
              timhunt Tim Hunt
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: