Moodle
  1. Moodle
  2. MDL-29276 META- Web service improvements for 2.2
  3. MDL-29457

Security: add some $CFG->wsdebug that block $debuginfo to be returned is set to OFF

    Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Not a bug
    • Affects Version/s: 2.0.4, 2.1.1
    • Fix Version/s: DEV backlog
    • Component/s: Web Services
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE
    • Rank:
      18939

      Description

      It could be a security issue to return the exception debug info by the web services.

      We should add a $CFG->wsdebug config setting to Moodle. All web service servers would check this settings to know if they are allowed to return any debug info.

        Activity

        Hide
        Jérôme Mouneyrac added a comment -

        Added few watchers who could want to give their +1 for this feature.

        Show
        Jérôme Mouneyrac added a comment - Added few watchers who could want to give their +1 for this feature.
        Hide
        Petr Škoda added a comment -

        We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings.

        In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.

        Show
        Petr Škoda added a comment - We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings. In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.
        Hide
        Jérôme Mouneyrac added a comment -

        no worries.

        Show
        Jérôme Mouneyrac added a comment - no worries.

          People

          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: