Hi,
when using "external database" authentication (and maybe other methods)
users can reach (if they know it exists) "/moodle/login/signup.php" and
manually create an account.
I think this should not happen (denying access to the signup.php page
according to the selected authentication method).
For the moment, I just added an "exit;" at line 2 of the file
(I just don't want any of my students to mess things up)
Regards,
Fred.
Security problem ( ? ) : users can create accounts
by Frederic Triquet
Number of replies: 3
In reply to Frederic Triquet
Re: Security problem ( ? ) : users can create accounts
by Martin Dougiamas
Thanks, Frederic! I've now fixed signup.php in CVS so it doesn't allow
this. Your one-liner is perfect for those sites using external
authentication who need a quick fix.
If possible, future security-related problems should go directly to me so that I can distribute fixes to registered sites privately before making public announcements here.
Cheers,
Martin
In reply to Martin Dougiamas
Re: Security problem ( ? ) : users can create accounts
by Frederic Triquet
ok, I did not know if it was a good idea to directly send an email to you for this problem, sorry
In reply to Frederic Triquet
Re: Security problem ( ? ) : users can create accounts
by Martin Dougiamas
No problems at all, Frederic! Any information about this stuff is very much appreciated!
I just mentioned this for the next time someone finds something.