Security problem ( ? ) : users can create accounts

Security problem ( ? ) : users can create accounts

by Frederic Triquet -
Number of replies: 3
Hi,
when using "external database" authentification (and maybe other methods)
users can reach (if they know it exists) "/moodle/login/signup.php" and
manually create an account.

I think this should not happen (denying access to the signup.php page
regarding to the selected authentification method).

For the moment, I just added an "exit;" at line 2 of the file
(I just don't want any of my students to mess things up)

Regards,

Fred.
Average of ratings: -
In reply to Frederic Triquet

Re: Security problem ( ? ) : users can create accounts

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
Thanks, Fredric! I've now fixed signup.php in CVS so it doesn't allow this. Your one-liner is perfect for those sites using external authentication who need a quick fix.

If possible, future security-related problems should go directly to me so that I can distribute fixes to registered sites privately before making public announcements here.

Cheers,
Martin
Average of ratings: -
In reply to Martin Dougiamas

Re: Security problem ( ? ) : users can create accounts

by Frederic Triquet -
ok, I did not know if it was a good idea to directly send an email to you for this problem, sorry shy
Average of ratings: -
In reply to Frederic Triquet

Re: Security problem ( ? ) : users can create accounts

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
No problems at all, Frederic! Any information about this stuff is very much appreciated!

I just mentioned this for the next time someone finds something. smile
Average of ratings: -