[Xerte] Re: Security concern

Matt Lingard mattlingard at gmail.com
Thu Aug 11 16:18:58 BST 2011 

Thanks Pat.

If anyone has made these changes, or alternatively, feels our concerns are
unnecessary I'd be interested to hear.
Regards,
Matt

On Thu, Aug 11, 2011 at 4:04 PM, Pat Lockley <patrick.lockley at googlemail.com
> wrote:

> When I wrote it, we attached the caveat that we didn't advise people
> on the security of their installs.
>
> If you'd prefer to had it encoded, then the changes can be made in
> management.php to address storing the password in a different form.
>
> On Thu, Aug 11, 2011 at 3:46 PM, Matt Lingard <mattlingard at gmail.com>
> wrote:
> > The systems manager at my institution has raised a security concern
> > regarding the password for the admin account for our Xerte Online
> toolkit.
> >
> > I'm told that the password is clear text (ie the characters are visible)
> in
> > a table in the database called 'sitedetails' (as it is the management.php
> > interface). He suggests that this isn't good practice.  Has anyone else
> had
> > any concerns raised about this?  We run other services on the same
> server.
> >
> > I'm not particularly technical myself, just trying to ascertain the level
> of
> > risk.
> >
> > thanks,
> > Matt
> >
> > --
> > Matt Lingard,
> > Learning Technologist
> > LSE
> >
> >
> >
> > This message and any attachment are intended solely for the addressee and
> > may contain confidential information. If you have received this message
> in
> > error, please send it back to me, and immediately delete it. Please do
> not
> > use, copy or disclose the information contained in this message or in any
> > attachment. Any views or opinions expressed by the author of this email
> do
> > not necessarily reflect the views of the University of Nottingham.
> >
> > This message has been checked for viruses but the contents of an
> attachment
> > may still contain software viruses which could damage your computer
> system:
> > you are advised to perform your own checks. Email communications with the
> > University of Nottingham may be monitored as permitted by UK legislation.
> >
> > _______________________________________________
> > Xerte mailing list
> > Xerte at lists.nottingham.ac.uk
> > http://lists.nottingham.ac.uk/mailman/listinfo/xerte
> >
> > This message and any attachment are intended solely for the addressee and
> > may contain confidential information. If you have received this message
> in
> > error, please send it back to me, and immediately delete it.   Please do
> not
> > use, copy or disclose the information contained in this message or in any
> > attachment.  Any views or opinions expressed by the author of this email
> do
> > not necessarily reflect the views of the University of Nottingham.
> >
> > This message has been checked for viruses but the contents of an
> attachment
> > may still contain software viruses which could damage your computer
> system:
> > you are advised to perform your own checks. Email communications with the
> > University of Nottingham may be monitored as permitted by UK legislation.
> >
> >
> >
>
> _______________________________________________
> Xerte mailing list
> Xerte at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>



-- 
Matt Lingard,
Educational Technology Consultant
+44 (0)7801 276 559
http://uk.linkedin.com/in/mattlingard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte/attachments/20110811/34f3fbcc/attachment-0001.html>

More information about the Xerte mailing list