  1. Moodle
  2. MDL-18039

META: Security overview report STABLE

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.9.3
    • Fix Version/s: None
    • Component/s: Administration
    • Labels: None
    • Affected Branches: MOODLE_19_STABLE

        Issue Links

        1. Missing admin/roles/define.php in 1.9.3 weekly (Sub-task, Closed, moodle.com)
        2. Missing admin/roles/define.php in 1.9.3 weekly (Sub-task, Closed, Tim Hunt)
        3. Security Report erroneous Critical warning on Windows System for default role (Sub-task, Closed, Petr Skoda)
        4. Misleading message "Unsupported XXX role assignments" (Sub-task, Closed, Unassigned)
        5. Thousands of users that must be trustable on Security Report (Sub-task, Closed, Petr Skoda)
        6. slow loading and lack of progress indication (Sub-task, Closed, Petr Skoda)
        7. more information needed for unsupported role assignments (Sub-task, Closed, Petr Skoda)
        8. In Security report misleading 'Site Default Course Role' (Sub-task, Closed, Petr Skoda)
        9. security overview report not working (Sub-task, Closed, Petr Skoda)
        10. XSS test in security overview report does not check both parent and child contexts (Sub-task, Closed, Petr Skoda)
        11. Language dependent check should be reviewed (Sub-task, Closed, Petr Skoda)
        12. Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report (Sub-task, Closed, Petr Skoda)
        13. Solution for warning "writable config.php" in Windows server (Sub-task, Closed, Helen Foster)
        14. 'Email change confirmation' check is misleading (Sub-task, Closed, Petr Skoda)
        15. Admins with no clue when "Incorrectly defined default course roles detected!" (Sub-task, Closed, Petr Skoda)
        16. Hard to find "unsupported role assignment" (Sub-task, Closed, Petr Skoda)
        17. Rename 'Registered user role' in security overview (Sub-task, Closed, Petr Skoda)
        18. Improve security overview report navigation (Sub-task, Closed, Unassigned)
        19. Report always find 1 server Admin (Sub-task, Closed, Petr Skoda)
        20. misalignment from Moodle development coding guidelines, alert (Sub-task, Closed, Unassigned)

          Activity

          andreabix Andrea Bicciolo added a comment -

          In the process of reviewing the Security Report, which is improved from 1.9.3+ to 1.9.4, I noticed that the report is missing the check about "Cron execution from command line only".

          Although cron execution via web may not damage sites, it could be used to create excess CPU load, thus slowing down the server. Could an info level in the report be useful?

          stronk7 Eloy Lafuente (stronk7) added a comment -

          Good idea. +1 here

          dougiamas Martin Dougiamas added a comment -

          We really need to port this back to 1.8.9 as well.

          skodak Petr Skoda added a comment -

          Backported into MOODLE_18_STABLE - the admin and XSS risks could not be backported, because the SQL code relies on context.path which is not available in < 1.9.0

          nakohdo Frank Ralf added a comment -

          We had a discussion over at http://moodle.org/mod/forum/discuss.php?d=123189#p540218 whether one could borrow something along those lines from Drupal (admittedly I haven't tried this security report yet).

          salvetore Michael de Raadt added a comment -

          Thanks for reporting this issue.

          We have detected that this issue has been inactive for over a year and has been recorded as affecting versions that are no longer supported.

          If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

          Michael d;


          salvetore Michael de Raadt added a comment -

          I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.


            People

            • Votes: 1
            • Watchers: 4
