[MDL-64190] Site admin password fields should use password config element - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.3.9, 3.4.6, 3.5.3, 3.6.1
Fix Version/s: 3.7
Component/s: Administration, Global search, Quiz
Labels:
- ci

Testing Instructions:
Hide

Prerequisites:

Server with Solr setup. To set up on Linux:

Install SOLR PHP extension.

sudo apt install php-solr

Restart Apache.

sudo service apache2 restart

Install SOLR 7 docker container.

docker run --name solr7 -d -p 8983:8983 -t solr:7

Create index for your Moodle instance (e.g. integrationmaster).

docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster

Test

Visit Site Administration > Plugins > Search > Solr.

CONFIRM the HTTP authentication password field is a password unmask config element.

Visit Site administration > Plugins > Activity modules > Quiz.

CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.
Show
Prerequisites: Server with Solr setup. To set up on Linux: Install SOLR PHP extension. sudo apt install php-solr Restart Apache. sudo service apache2 restart Install SOLR 7 docker container. docker run --name solr7 -d -p 8983:8983 -t solr:7 Create index for your Moodle instance (e.g. integrationmaster). docker exec -it --user=solr solr7 bin/solr create_core -c integrationmaster Test Visit Site Administration > Plugins > Search > Solr. CONFIRM the HTTP authentication password field is a password unmask config element. Visit Site administration > Plugins > Activity modules > Quiz. CONFIRM the Require password field is a password unmask config element with and Advanced checkbox in the right.
Affected Branches:
MOODLE_33_STABLE, MOODLE_34_STABLE, MOODLE_35_STABLE, MOODLE_36_STABLE
Fixed Branches:
MOODLE_37_STABLE
Pull from Repository:
https://github.com/paulholden/moodle.git
Pull Master Branch:
~~MDL-64190~~
Pull Master Diff URL:
https://github.com/moodle/moodle/compare/master...paulholden:MDL-64190

Description

To prevent credential capture by shoulder surfing and the like, password configuration fields (such as the HTTP authentication password (search_solr | server_password) should use one of the password config types.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

MDL-64190.jpg
13 kB
31/Jan/19 9:52 AM

Issue Links

has been marked as being related by

MDL-59326 Don't use password field for shared secrets

Closed

Activity

People

Assignee:: Paul Holden

Reporter:: Paul Holden

Peer reviewer:: Michael Hawkins

Integrator:: Sara Arjona (@sarjona)

Tester:: Anna Carissa Sadia

Participants:: Anna Carissa Sadia, CiBoT, Michael Hawkins, Paul Holden, Sara Arjona (@sarjona)

Component watchers:: Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona), Tim Hunt, Andrew Lyons, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/Nov/18 7:11 PM

Updated:: 27/Mar/19 9:57 PM

Resolved:: 01/Feb/19 9:50 AM

Fix Release Date:: 20/May/19

Time Tracking

Estimated:

Remaining:

Logged:

40m

Details

Prerequisites:

Test

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking