Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-29276 META- Web service improvements for 2.2
  3. MDL-29457

Security: add some $CFG->wsdebug that block $debuginfo to be returned is set to OFF

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Not a bug
    • Affects Version/s: 2.0.4, 2.1.1
    • Fix Version/s: DEV backlog
    • Component/s: Web Services
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE

      Description

      It could be a security issue to return the exception debug info by the web services.

      We should add a $CFG->wsdebug config setting to Moodle. All web service servers would check this settings to know if they are allowed to return any debug info.

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            jerome Jérôme Mouneyrac added a comment -

            Added few watchers who could want to give their +1 for this feature.

            Show
            jerome Jérôme Mouneyrac added a comment - Added few watchers who could want to give their +1 for this feature.
            Hide
            skodak Petr Skoda added a comment -

            We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings.

            In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.

            Show
            skodak Petr Skoda added a comment - We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings. In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.
            Hide
            jerome Jérôme Mouneyrac added a comment -

            no worries.

            Show
            jerome Jérôme Mouneyrac added a comment - no worries.

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: