Moodle / MDL-18039

META: Security overview report STABLE

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 1.9.3
    • Fix Version/s: None
    • Component/s: Administration
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Rank:
      1127

      Sub-Tasks

      1. Missing admin/roles/define.php in 1.9.3 weekly (Sub-task, Closed, moodle.com)
      2. Missing admin/roles/define.php in 1.9.3 weekly (Sub-task, Closed, Tim Hunt)
      3. Security Report erroneous Critical warning on Windows System for default role (Sub-task, Closed, Petr Škoda)
      4. Misleading message "Unsupported XXX role assignments" (Sub-task, Closed, Unassigned)
      5. Thousands of users that must be trustable on Security Report (Sub-task, Closed, Petr Škoda)
      6. slow loading and lack of progress indication (Sub-task, Closed, Petr Škoda)
      7. more information needed for unsupported role assignments (Sub-task, Closed, Petr Škoda)
      8. In Security report misleading 'Site Default Course Role' (Sub-task, Closed, Petr Škoda)
      9. security overview report not working (Sub-task, Closed, Petr Škoda)
      10. XSS test in security overview report does not check both parent and child contexts (Sub-task, Closed, Petr Škoda)
      11. Language dependent check should be reviewed (Sub-task, Closed, Petr Škoda)
      12. Provide a feedback for the admin in order to explain him/her what to do to fix the security problem rised up by the security report (Sub-task, Closed, Petr Škoda)
      13. Solution for warning "writable config.php" in Windows server (Sub-task, Closed, Helen Foster)
      14. 'Email change confirmation' check is misleading (Sub-task, Closed, Petr Škoda)
      15. Admins with no clue when "Incorrectly defined default course roles detected!" (Sub-task, Closed, Petr Škoda)
      16. Hard to find "unsupported role assignment" (Sub-task, Closed, Petr Škoda)
      17. Rename 'Registered user role' in security overview (Sub-task, Closed, Petr Škoda)
      18. Improve security overview report navigation (Sub-task, Closed, Unassigned)
      19. Report always find 1 server Admin (Sub-task, Closed, Petr Škoda)
      20. misalignment from Moodle development coding guidelines, alert (Sub-task, Closed, Unassigned)

        Activity

        Andrea Bicciolo added a comment -

        In the process of reviewing the Security Report, which is improved from 1.9.3+ to 1.9.4, I noticed that the report is missing the check about "Cron execution from command line only".

        Although cron execution via web may not damage sites, it could be used to create excess CPU load, thus slowing down the server. Could an info level in the report be useful?

        Eloy Lafuente (stronk7) added a comment -

        Good idea. +1 here

        Martin Dougiamas added a comment -

        We really need to port this back to 1.8.9 as well.

        Petr Škoda added a comment -

        Backported into MOODLE_18_STABLE - the admin and XSS risks could not be backported, because the SQL code relies on context.path, which is not available in < 1.9.0.

        Frank Ralf added a comment -

        We had a discussion over at http://moodle.org/mod/forum/discuss.php?d=123189#p540218 whether one could borrow something along those lines from Drupal (admittedly I haven't tried this security report yet).

        Michael de Raadt added a comment -

        Thanks for reporting this issue.

        We have detected that this issue has been inactive for over a year and has been recorded as affecting versions that are no longer supported.

        If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

        Michael d;

        Michael de Raadt added a comment -

        I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.


          People

          • Votes: 1
          • Watchers: 4
