Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-29276 META- Web service improvements for 2.2
  3. MDL-29457

Security: add some $CFG->wsdebug that block $debuginfo to be returned is set to OFF

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Not a bug
    • Affects Version/s: 2.0.4, 2.1.1
    • Fix Version/s: DEV backlog
    • Component/s: Web Services
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE

      Description

      It could be a security issue to return the exception debug info by the web services.

      We should add a $CFG->wsdebug config setting to Moodle. All web service servers would check this settings to know if they are allowed to return any debug info.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: