Dropbox and 'Login As...'

Dropbox and 'Login As...'

by Nitin Parmar -
Number of replies: 1

We're currently testing an instance of Moodle 2.2 ready for institutional deployment at the University of Bath and have discovered as issue with Moodle and the Dropbox repository.

Essentially, we have a test user who has allowed Moodle to connect to their Dropbox. All works fine up to this point... and the user can then interrogate their Dropbox folders and upload as necessary.

However, we've found that an Administrator can 'Login As...' that user and can too navigate this Dropbox account that the user has granted access too. Doesn't this pose quite a large security risk?

Average of ratings: -
In reply to Nitin Parmar

Re: Dropbox and 'Login As...'

by Frédéric Massart ⭐ -
Picture of Core developers Picture of Plugin developers Picture of Testers

Hi Nitin,

we have been working on this issue, and the fix should already be part of your Moodle 2.2. Did you make sure you had the very last version?

Also, it is required for the users to "Logout" from their Dropbox repository if they wish to prevent another user "Login as" to access their data.

For security reason the access is restricted, but this is the tracker issue which took care of this problem: http://tracker.moodle.org/browse/MDL-29872

Cheers,

Fred

Average of ratings: Useful (1)