-
New Feature
-
Resolution: Fixed
-
Minor
-
3.11, 4.0, 4.2.1
-
MOODLE_311_STABLE, MOODLE_400_STABLE, MOODLE_402_STABLE
-
MOODLE_403_STABLE
-
MDL-69958-well-known-password -
Most modern password managers will automatically scan for passwords which have been compromised and alert you to change them. There is a spec which allows password managers to blindly link to a well known url for resetting a password on any site:
/.well-known/change-password
Specifically for moodle this should redirect to: /login/change_password.php
The spec is here:
https://w3c.github.io/webappsec-change-password-url/
This is supported in lots of places:
- chrome
- safari / ios
- 1Password
- LastPass
- Bitwarden
It is implemented on tons of sites eg:
- https://github.com/.well-known/change-password
- https://slack.com/.well-known/change-password
- https://wikipedia.org/.well-known/change-password
- has been marked as being related by
-
MDL-69333 Reduce ability to fingerprint a server with a htaccess-dist / nginx file / docs
- Closed
- will be (partly) resolved by
-
MDL-56041 Cleanup custom 404 page and more easily support custom 50x error pages
- Closed
- will help resolve
-
MDL-69732 Manifest file /.well-known/badgeconnect.json is ignored by OBv2.1
- Closed