Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64190

Site admin password fields should use password config element

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.9, 3.4.6, 3.5.3, 3.6.1
    • Fix Version/s: 3.7
    • Labels:
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE
    • Pull Master Branch:
    • Testing Instructions:
      Hide
      Prerequisites:
      1. Server with Solr setup. To set up on Linux:
        1. Install SOLR PHP extension.

          sudo apt install php-solr

        2. Restart Apache.

          sudo service apache2 restart

        3. Install SOLR 7 docker container.

          docker run --name solr7 -d -p 8983:8983 -t solr:7

        4. Create index for your Moodle instance (e.g. integrationmaster).

          docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster

      Test
      1. Visit Site Administration > Plugins > Search > Solr.
      2. CONFIRM the HTTP authentication password field is a password unmask config element.
      3. Visit Site administration > Plugins > Activity modules > Quiz.
      4. CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.
      Show
      Prerequisites: Server with Solr setup. To set up on Linux: Install SOLR PHP extension. sudo apt install php-solr Restart Apache. sudo service apache2 restart Install SOLR 7 docker container. docker run --name solr7 -d -p 8983:8983 -t solr:7 Create index for your Moodle instance (e.g. integrationmaster). docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster Test Visit Site Administration > Plugins > Search > Solr. CONFIRM the HTTP authentication password field is a password unmask config element. Visit Site administration > Plugins > Activity modules > Quiz. CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.

      Description

      To prevent credential capture by shoulder surfing and the like, password configuration fields (such as the HTTP authentication password (search_solr | server_password)  should use one of the password config types.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              pholden Paul Holden
              Reporter:
              pholden Paul Holden
              Peer reviewer:
              Michael Hawkins Michael Hawkins
              Integrator:
              Sara Arjona (@sarjona) Sara Arjona (@sarjona)
              Tester:
              Anna Carissa Sadia Anna Carissa Sadia
              Participants:
              Component watchers:
              Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Tim Hunt, Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                20/May/19

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 40 minutes
                  40m