Moodle
  1. Moodle
  2. MDL-29276 META- Web service improvements for 2.2
  3. MDL-29457

Security: add some $CFG->wsdebug that block $debuginfo to be returned is set to OFF

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Not a bug
    • Affects Version/s: 2.0.4, 2.1.1
    • Fix Version/s: DEV backlog
    • Component/s: Web Services
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE

      Description

      It could be a security issue to return the exception debug info by the web services.

      We should add a $CFG->wsdebug config setting to Moodle. All web service servers would check this settings to know if they are allowed to return any debug info.

        Gliffy Diagrams

          Activity

          Hide
          Jérôme Mouneyrac added a comment -

          Added few watchers who could want to give their +1 for this feature.

          Show
          Jérôme Mouneyrac added a comment - Added few watchers who could want to give their +1 for this feature.
          Hide
          Petr Skoda added a comment -

          We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings.

          In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.

          Show
          Petr Skoda added a comment - We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings. In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.
          Hide
          Jérôme Mouneyrac added a comment -

          no worries.

          Show
          Jérôme Mouneyrac added a comment - no worries.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: