-
Bug
-
Resolution: Fixed
-
Major
-
4.0
-
MOODLE_400_STABLE
-
MOODLE_400_STABLE
-
For the following two admin configuration values:
Badge settings
Salt for hashing the recipient's email address badges_badgesalt
|
Default: badges1563459714
|
|
Using a hash allows backpack services to confirm the badge earner without having to expose their email address. This setting should only use numbers and letters.
|
|
Note: For recipient verification purposes, please avoid changing this setting once you start issuing badges.
|
Calendar
Calendar export salt calendar_exportsalt
|
Default: 4cCjHcc8dTIDoECqTDCsK9z00JBckT7Gmp66c1SdiON8JYzigEcxVuv1yAIp
|
|
This random text is used for improving of security of authentication tokens used for exporting of calendars. Please note that all current tokens are invalidated if you change this hash salt.
|
Neither setting is considered "sensitive" by the admin presets tool, and will therefore always be exported regardless of the state of the "Include settings with passwords" (I note there are various other secret phrases and passwords that are considered "sensitive")
Unsure whether this is an improvement or a bug. I've considered it as a bug because a user can potentially cause destructive changes to their site if unknowingly changing either of these salt values (by invalidating all existing calendar URLs and badge assignments), when they import a preset to their site that contains either setting
- has been marked as being related by
-
MDL-78961 smtppass setting should not be included in admin site presets
-
- Closed
-