ATutor

Learning Management Tools









Content security issue


  • 2011-01-14 21:04:15

    Content security issue

    I'm using 2.0 and I made a content page and put a link to an external website on it. I accidentally copied the wrong link and coded the link as "http://mydomain/ATutor/mods/_core/editor/edit_content.php?cid=5".

    When a student clicked on the link, they were able to edit the content page! This seems like a security issue in that all a student would need to know is the URL of mods/editor/edit_content.php?cid=___ and they can change content.

    Is this a known issue?

    Thanks.

  • 2011-01-14 16:21:10

    Re: Content security issue

    A student does seem to be able to get to the editor, but can't actually change anything. Nonetheless, the editor should not be accessible to students. Added this to the fixes for the next release.

    http://atutor.ca/atutor/mantis/view.php?id=4695
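
The behaviour described in this thread (a student can open the editor but cannot change anything) can be modelled and regression-tested as below. This is an added Python example, not ATutor code and not from either poster. The handler names, the `PRIV_CONTENT` privilege and the sample content are constructed, and the save-only check is an assumed cause chosen to match the reply's description.

```python
from dataclasses import dataclass

PRIV_CONTENT = "content"              # hypothetical privilege name
CONTENT = {5: "Original page text"}   # constructed sample content, keyed by cid


@dataclass
class User:
    name: str
    privileges: frozenset


@dataclass
class Response:
    status: int
    body: str


def edit_content_flawed(user, method, cid, new_text=None):
    """Assumed flaw: the privilege is checked only when saving,
    so a plain GET still renders the editor form for anyone."""
    if method == "POST":
        if PRIV_CONTENT not in user.privileges:
            return Response(403, "forbidden")
        CONTENT[cid] = new_text
        return Response(200, "saved")
    return Response(200, f"<form>editing cid={cid}: {CONTENT.get(cid, '')}</form>")


def edit_content_fixed(user, method, cid, new_text=None):
    """The privilege is checked before any branch, so neither the form
    nor the save path is reachable without it."""
    if PRIV_CONTENT not in user.privileges:
        return Response(403, "forbidden")
    if cid not in CONTENT:
        return Response(404, "not found")
    if method == "POST":
        CONTENT[cid] = new_text
        return Response(200, "saved")
    return Response(200, f"<form>editing cid={cid}: {CONTENT[cid]}</form>")


def audit(handler, user, cid):
    """Return the HTTP methods for which `handler` lets `user` in.
    CONTENT is restored afterwards so the audit has no side effects."""
    snapshot = dict(CONTENT)
    allowed = {m for m in ("GET", "POST")
               if handler(user, m, cid, "tampered").status == 200}
    CONTENT.clear()
    CONTENT.update(snapshot)
    return allowed
```

Running `audit` for an unprivileged user against every editing endpoint, and expecting an empty set, catches this class of gap before release.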