Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64190

Site admin password fields should use password config element

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.3.9, 3.4.6, 3.5.3, 3.6.1
    • Fix Version/s: 3.7
    • Component/s: Administration, Global search, Quiz
    • Labels:
    • Testing Instructions:
      Hide
      Prerequisites:
      1. Server with Solr setup. To set up on Linux:
        1. Install SOLR PHP extension. 

          sudo apt install php-solr

        2. Restart Apache. 

          sudo service apache2 restart

        3. Install SOLR 7 docker container. 

          docker run --name solr7 -d -p 8983:8983 -t solr:7

        4. Create index for your Moodle instance (e.g. integrationmaster). 

          docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster

      Test
      1. Visit Site Administration > Plugins > Search > Solr.
      2. CONFIRM the HTTP authentication password field is a password unmask config element.
      3. Visit Site administration > Plugins > Activity modules > Quiz.
      4. CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.
      Show
      Prerequisites: Server with Solr setup. To set up on Linux: Install SOLR PHP extension. sudo apt install php-solr Restart Apache. sudo service apache2 restart Install SOLR 7 docker container. docker run --name solr7 -d -p 8983:8983 -t solr:7 Create index for your Moodle instance (e.g. integrationmaster). docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster Test Visit Site Administration > Plugins > Search > Solr. CONFIRM the HTTP authentication password field is a password unmask config element. Visit Site administration > Plugins > Activity modules > Quiz. CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.
    • Affected Branches:
      MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE
    • Pull from Repository:
    • Pull Master Branch:
    • Pull Master Diff URL:

      Description

      To prevent credential capture by shoulder surfing and the like, password configuration fields (such as the HTTP authentication password (search_solr | server_password)  should use one of the password config types.

        Attachments

          Issue Links

          has been marked as being related by

          Improvement - An enhancement to an existing Moodle feature. MDL-59326 Don't use password field for shared secrets

          • Minor - Minor loss of function where workaround is possible
          • Closed

            Activity

              People

              Assignee:
              pholden Paul Holden
              Reporter:
              pholden Paul Holden
              Peer reviewer:
              Michael Hawkins
              Integrator:
              Sara Arjona (@sarjona)
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Tim Hunt, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                20/May/19

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 40 minutes
                  40m