The scope of this is a bit larger than the LDAP credentials, given the
potential variety in accessible domains.
One could potentially use key-based encryption, storing the key in
config.php, using mcrypt. It wouldn't be bulletproof, but it would
prevent against SQL injection attacks or misplaced
This is similar to https://bugs.launchpad.net/mahara/+bug/611045 - if
it's not stored in cleartext, the feed can't be updated later. I guess
there could be an option to grab the feed once only on block
configuration, then throw the password away, but I think the default
should be to store and do u
** Description changed:
The externalfeed block should protect user credentials when
- authenticated RSS feeds are used. The blocktype in Mahara 1.8.1 appears
+ authenticated RSS feeds are used. The blocktype in Mahara 1.5.1 appears
to store login credentials in cleartext within the database.
Public bug reported:
The externalfeed block should protect user credentials when
authenticated RSS feeds are used. The blocktype in Mahara 1.8.1 appears
to store login credentials in cleartext within the database.
This presents an unfortunate vulnerability that could give access to
other systems
Public bug reported:
It would be beneficial to be able to include information about an RSS
feed's author as part of the external feed block.
This would help institutions avoid intentional and unintentional
plagiarism of others' RSS feeds. This could be a block-level option,
enabled by default.
*
5 matches
Mail list logo