Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-29276 META- Web service improvements for 2.2
  3. MDL-29457

Security: add some $CFG->wsdebug that block $debuginfo to be returned is set to OFF

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Not a bug
    • Affects Version/s: 2.0.4, 2.1.1
    • Fix Version/s: DEV backlog
    • Component/s: Web Services
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE

      Description

      It could be a security issue to return the exception debug info by the web services.

      We should add a $CFG->wsdebug config setting to Moodle. All web service servers would check this settings to know if they are allowed to return any debug info.

        Gliffy Diagrams

          Activity

          Hide
          jerome Jérôme Mouneyrac added a comment -

          Added few watchers who could want to give their +1 for this feature.

          Show
          jerome Jérôme Mouneyrac added a comment - Added few watchers who could want to give their +1 for this feature.
          Hide
          skodak Petr Skoda added a comment -

          We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings.

          In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.

          Show
          skodak Petr Skoda added a comment - We already have $CFG->debug which is a bit mask, I do not see any need for more debug settings. In any case I think we should go toward user related debug setting instead of global debug because nobody should be running production server with enabled debugging output.
          Hide
          jerome Jérôme Mouneyrac added a comment -

          no worries.

          Show
          jerome Jérôme Mouneyrac added a comment - no worries.

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: