-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
4.3.5, 4.4
-
None
-
MOODLE_403_STABLE, MOODLE_404_STABLE
MDL-76656 prevented the tokens from being viewed after they have been created.
However, this is sub-optimal as there is no provision whatever for getting the token if you need to (short of looking in the database) and, worse, it just moves the problem somewhere else. People will copy the token at the once chance they get and store it insecurely.
There needs to be some provision for limited access to the tokens for those that need them. A capability to view the tokens, initially, only at admin level perhaps.
As it stands this is, IMO, half a job.
- is a regression caused by
-
MDL-76656 Web service tokens should be read-once
-
- Closed
-