[MDL-64190] Site admin password fields should use password config element - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.3.9, 3.4.6, 3.5.3, 3.6.1
Fix Version/s: 3.7
Component/s: Administration, Global search, Quiz
Labels:
- ci

Affected Branches:
MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
Fixed Branches:
MOODLE_37_STABLE
Pull from Repository:
https://github.com/paulholden/moodle.git
Pull Master Branch:
~~MDL-64190~~
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/master...paulholden:MDL-64190
Testing Instructions:
Hide

Prerequisites:

Server with Solr setup. To set up on Linux:

Install SOLR PHP extension.

sudo apt install php-solr

Restart Apache.

sudo service apache2 restart

Install SOLR 7 docker container.

docker run --name solr7 -d -p 8983:8983 -t solr:7

Create index for your Moodle instance (e.g. integrationmaster).

docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster

Test

Visit Site Administration > Plugins > Search > Solr.

CONFIRM the HTTP authentication password field is a password unmask config element.

Visit Site administration > Plugins > Activity modules > Quiz.

CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.
Show
Prerequisites: Server with Solr setup. To set up on Linux: Install SOLR PHP extension. sudo apt install php-solr Restart Apache. sudo service apache2 restart Install SOLR 7 docker container. docker run --name solr7 -d -p 8983:8983 -t solr:7 Create index for your Moodle instance (e.g. integrationmaster). docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster Test Visit Site Administration > Plugins > Search > Solr. CONFIRM the HTTP authentication password field is a password unmask config element. Visit Site administration > Plugins > Activity modules > Quiz. CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.

Description

To prevent credential capture by shoulder surfing and the like, password configuration fields (such as the HTTP authentication password (search_solr | server_password) should use one of the password config types.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

MDL-64190.jpg
13 kB
31/Jan/19 9:52 AM

Issue Links

has been marked as being related by

MDL-59326 Don't use password field for shared secrets

Closed

Activity

People

Assignee:: Paul Holden

Reporter:: Paul Holden

Peer reviewer:: Michael Hawkins

Integrator:: Sara Arjona (@sarjona)

Tester:: Anna Carissa Sadia

Participants:: Anna Carissa Sadia, CiBoT, Michael Hawkins, Paul Holden, Sara Arjona (@sarjona)

Component watchers:: Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Tim Hunt, Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/Nov/18 7:11 PM

Updated:: 27/Mar/19 9:57 PM

Resolved:: 01/Feb/19 9:50 AM

Fix Release Date:: 20/May/19

Time Tracking

Estimated:

Remaining:

Logged:

40m

Details

Prerequisites:

Test

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking