Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-29527

Add description to RSS security key reset



    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 2.1.2, 2.2
    • 2.1.3
    • RSS


      On http://YOURMOODLEURL/user/managetoken.php, a user can reset his RSS security keys.

      As the link to this page is noticably located in "My profile settings -> Security keys", we saw curious users checking the possibilities in their profiles (and never having used a rss feed yet) visiting this page.

      For these users, the widget on this page doesn't give any information. We were asked by users what can be reset there and why. We propose that there should be a description for this feature within the widget, similar to the description for resetting security keys for web services.

      Changes have to be done in /rss/renderer.php, replace

      //$return .= get_string('keyshelp', 'webservice');


      $return .= get_string('keyshelp', 'rss');

      and add a decriptive text to the rss language package.

      We propose adapting the text from moodle docs (http://docs.moodle.org/20/en/RSS_feeds_2.0#Restricting_access_to_RSS_feeds):

      <p>To ensure security and privacy RSS feed URLs contain a special token that identifies the user they are for. This prevents other users from accessing areas of Moodle they shouldn\'t have access to via RSS feeds.</p><p>This token is automatically created the first time you access an area of Moodle that produces an RSS feed. If you feel that your RSS feed token has been compromised in some way you can request a new one by clicking the Reset link here. Please note that your present RSS feed URLs will then become invalid.</p>

      We have also done a german translation for this:

      <p>Um Sicherheit und Vertraulichkeit zu gewährleisten enthalten RSS-Feed URLs einen Sicherheitsschlüssel, welcher den Benutzer identifiziert, der den RSS-Feed erzeugt hat. Dadurch wird verhindert, dass andere Benutzer mithilfe von RSS-Feeds Zugriff auf Informationen erlangen, auf die sie sonst keinen Zugriff hätten.</p><p>Der Sicherheitsschlüssel wird automatisch erzeugt, wenn Sie das erste Mal eine Aktivität nutzen, die RSS-Feeds unterstützt. Falls Sie denken, dass Dritte von Ihrem RSS Sicherheitsschlüssel Kenntnis erlangt haben könnten, können Sie ihn durch Klick auf "Zurücksetzen" neu setzen. Dadurch werden Ihre bisherigen RSS-Feed URLs ungültig und können neu abonniert werden.</p>


        Issue Links



              poltawski Dan Poltawski
              abias Alexander Bias
              Aparup Banerjee Aparup Banerjee
              Ankit Agarwal Ankit Agarwal
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Stevani Andolo
              0 Vote for this issue
              1 Start watching this issue