Moodle 1.8.11 release notes: Difference between revisions
From MoodleDocs
m (French link) |
Helen Foster (talk | contribs) (MDL-20838, MDL-18807) |
||
Line 3: | Line 3: | ||
==Security issues== | ==Security issues== | ||
This release contains a lot of security and privacy fixes related to the handling of user data and passwords in Moodle backups (MDL-20851). | This release contains a lot of security and privacy fixes related to the handling of user data and passwords in Moodle backups, MDL-20851. (Note that MDL-20851 and all the following security issues currently have a security level setting which restricts access). | ||
* MDL-20838 Hashed user passwords are no longer saved in backup files containing user data. | |||
:If anyone really needs passwords to be saved (in rare case of restoring a backup with user data to a different site) <code>$CFG->includeuserpasswordsinbackups</code> may be added to ''config.php''. | |||
* MDL-18807 To greatly reduce the risk of password theft, a [[Password salting|password salt]] is set in ''config.php'' when installing 1.8.11 and for upgrades, a notification message strongly recommends admins to set a password salt. In addition, the [[Security overview|security overview report]] gives a warning if no password salt has been set. | |||
''More issues to be listed soon...'' | |||
<noinclude> | <noinclude> |
Revision as of 10:14, 19 November 2009
Release date: Not yet released
Security issues
This release contains a lot of security and privacy fixes related to the handling of user data and passwords in Moodle backups, MDL-20851. (Note that MDL-20851 and all the following security issues currently have a security level setting which restricts access).
- MDL-20838 Hashed user passwords are no longer saved in backup files containing user data.
- If anyone really needs passwords to be saved (in rare case of restoring a backup with user data to a different site)
$CFG->includeuserpasswordsinbackups
may be added to config.php.
- MDL-18807 To greatly reduce the risk of password theft, a password salt is set in config.php when installing 1.8.11 and for upgrades, a notification message strongly recommends admins to set a password salt. In addition, the security overview report gives a warning if no password salt has been set.
More issues to be listed soon...