[Xerte] Re: Security concern

Pat Lockley patrick.lockley at googlemail.com
Thu Aug 11 16:04:37 BST 2011


When I wrote it, we attached the caveat that we didn't advise people
on the security of their installs.

If you'd prefer to had it encoded, then the changes can be made in
management.php to address storing the password in a different form.

On Thu, Aug 11, 2011 at 3:46 PM, Matt Lingard <mattlingard at gmail.com> wrote:
> The systems manager at my institution has raised a security concern
> regarding the password for the admin account for our Xerte Online toolkit.
>
> I'm told that the password is clear text (ie the characters are visible) in
> a table in the database called 'sitedetails' (as it is the management.php
> interface). He suggests that this isn't good practice.  Has anyone else had
> any concerns raised about this?  We run other services on the same server.
>
> I'm not particularly technical myself, just trying to ascertain the level of
> risk.
>
> thanks,
> Matt
>
> --
> Matt Lingard,
> Learning Technologist
> LSE
>
>
>
> This message and any attachment are intended solely for the addressee and
> may contain confidential information. If you have received this message in
> error, please send it back to me, and immediately delete it. Please do not
> use, copy or disclose the information contained in this message or in any
> attachment. Any views or opinions expressed by the author of this email do
> not necessarily reflect the views of the University of Nottingham.
>
> This message has been checked for viruses but the contents of an attachment
> may still contain software viruses which could damage your computer system:
> you are advised to perform your own checks. Email communications with the
> University of Nottingham may be monitored as permitted by UK legislation.
>
> _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>
> This message and any attachment are intended solely for the addressee and
> may contain confidential information. If you have received this message in
> error, please send it back to me, and immediately delete it.   Please do not
> use, copy or disclose the information contained in this message or in any
> attachment.  Any views or opinions expressed by the author of this email do
> not necessarily reflect the views of the University of Nottingham.
>
> This message has been checked for viruses but the contents of an attachment
> may still contain software viruses which could damage your computer system:
> you are advised to perform your own checks. Email communications with the
> University of Nottingham may be monitored as permitted by UK legislation.
>
>
>



More information about the Xerte mailing list