2008-10-06 18:54:34
Evening,
Background: I have enabled pretty URL and couple of public and private courses.
Issue is that any one registed for the private couse can see the URL's for the private course in their browser and access and share the course directly by copying and pasting the URL in the browser.
I would really appreciate if you can help resolve the issue
Thanks.
2008-10-07 03:32:20
morning,
this is not happening here. if I type in the URL for a private course I am redirected to the login page for that course. the URL for the courses are also available in the course catalogue, unless you set them to not show there.
2008-10-07 04:26:47
AFAIK, the PrettyURL feature doesn't intrude into the security mechanisms of ATutor so, in principle, it shouldn't pose any security threats.
Once you've logged out from an account that has access to a particular private course, you should be unable to enter that course by just following a URL. At least, from another machine/browser, or the same browser after reloading it.
Could you describe which exactly steps you take to share the course? Is that course public, protected or private?
2008-10-07 08:04:47
Morning,
Steps:
- Imported SCORM 1.2 package (multiple modules individually)
- Linked the course to the content section of a private course. (using direct http://{website}/aTutor/sco/8/13/1/start.html link for each module
Notes: If i copy the link to the browser it bypasses Atutor and gives direct access to the course.
But the link.
BUT what you are refering to the following link :
http://(Website}/aTutor/tools/packages/scorm-1.2/view.php?org_id=13 Which DOES TAKE to the logon module
2008-10-07 11:02:10
Quick question: Can we block the URL from being seen in the course window ?
2008-10-07 16:00:31
IndieRect,
I simulated the issue in your demo server
Content: Integrate text
URL: http://www.atutor.ca/atutor/demo161/go.php/demo_course/content.php?cid=1510
Your help is much apprecited. Is it a bug or am i doing things wrong ?
2008-10-08 08:35:35
The demo course is public, so you can access it directly without logging in. To prevent that, make the course private.
If you want to hide the location bar, you could add some scripting to the default header template that would hide it. I not sure if it this would reliably hide the location though. You'll need to experiment. Try searching google with "hide browser location"
2008-10-08 08:54:09
Blocking displaying the URL, even if you'll manage to do that, will be browser-dependent, and an attacker with enough diligence will be able to defeat it.
BTW, I'm not a part of the ATutor.ca, so technically it's not "my" demo server. :D
But I'd help you anyway in my spare time. Cheers!
2008-10-08 15:58:27
Greg,
Public or Private course i can access the course bypassing Atutor by using course direct link :{website}/aTutor/sco/8/13/1/start.html generated by loading SCORM 1.2 course.
I think this is a big issue
2008-10-08 18:42:57
Still can't reproduce the problem. Here's a link to a package in the demo course, now set to private (for now). It should ask you to login.
http://www.atutor.ca/atutor/demo161/tools/packages/scorm-1.2/learner_view.php?org_id=20
2008-10-08 19:04:36
Actually, on closer investigation, I am able to reproduce the problem.
http://www.atutor.ca/atutor/demo161/sco/1/22/1/start.html
The module's original maintainers are no longer maintaining it. If we can fit it into our development over the next few weeks, before the next release, we'll try to find a solution. Otherwise it's noted in the bug tracker and will get fixed in due time.
http://www.atutor.ca/atutor/mantis/view.php?id=3592
2008-10-08 21:07:54
Thanks. I appreciate it