[MDL-76656] All security tokens should be read-once - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.9.18, 3.11.11, 4.0.5, 4.1.1, 4.2
Fix Version/s: None
Component/s: General
Labels:

Affected Branches:
MOODLE_311_STABLE, MOODLE_39_STABLE, MOODLE_400_STABLE, MOODLE_401_STABLE, MOODLE_402_STABLE

Description

As skodak points out in MDL-76640, tokens should be read-once. If you forget it, then you create a new one.

We should audit all places which show a token and address this.

Attachments

Issue Links

will help resolve

MDL-76640 Allow admin users to use user/managetoken.php safely like a normal user

Development in progress

Activity

People

Assignee:: Unassigned

Reporter:: Andrew Lyons

Participants:: Andrew Lyons, Petr Skoda

Component watchers:: Adrian Greeve, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

Votes:: 2 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 13/Dec/22 10:07 AM

Updated:: 13/Dec/22 3:22 PM