[Xerte] Re: Security concern

Pat Lockley patrick.lockley at googlemail.com
Thu Aug 11 17:03:42 BST 2011


It's a risk, as is anything online (but in no way a large one, and you
could just rename management.php)

I couldn't write a more secure way, as I couldn't find a php
encryption function which was common enough to make it simple for
other users.

If anyone has suggestions I can make the changes.

On Thu, Aug 11, 2011 at 4:18 PM, Matt Lingard <mattlingard at gmail.com> wrote:
> Thanks Pat.
>
> If anyone has made these changes, or alternatively, feels our concerns are
> unnecessary I'd be interested to hear.
> Regards,
> Matt
>
> On Thu, Aug 11, 2011 at 4:04 PM, Pat Lockley
> <patrick.lockley at googlemail.com> wrote:
>>
>> When I wrote it, we attached the caveat that we didn't advise people
>> on the security of their installs.
>>
>> If you'd prefer to have it encoded, then the changes can be made in
>> management.php to address storing the password in a different form.
>>
>> On Thu, Aug 11, 2011 at 3:46 PM, Matt Lingard <mattlingard at gmail.com>
>> wrote:
>> > The systems manager at my institution has raised a security concern
>> > regarding the password for the admin account for our Xerte Online
>> > toolkit.
>> >
>> > I'm told that the password is clear text (ie the characters are visible)
>> > in a table in the database called 'sitedetails' (as it is the
>> > management.php interface). He suggests that this isn't good practice. Has
>> > anyone else had any concerns raised about this? We run other services on
>> > the same server.
>> >
>> > I'm not particularly technical myself, just trying to ascertain the
>> > level of risk.
>> >
>> > thanks,
>> > Matt
>> >
>> > --
>> > Matt Lingard,
>> > Learning Technologist
>> > LSE
>> >
>> >
>> >
>> > This message and any attachment are intended solely for the addressee
>> > and
>> > may contain confidential information. If you have received this message
>> > in
>> > error, please send it back to me, and immediately delete it. Please do
>> > not
>> > use, copy or disclose the information contained in this message or in
>> > any
>> > attachment. Any views or opinions expressed by the author of this email
>> > do
>> > not necessarily reflect the views of the University of Nottingham.
>> >
>> > This message has been checked for viruses but the contents of an
>> > attachment
>> > may still contain software viruses which could damage your computer
>> > system:
>> > you are advised to perform your own checks. Email communications with
>> > the
>> > University of Nottingham may be monitored as permitted by UK
>> > legislation.
>> >
>> > _______________________________________________
>> > Xerte mailing list
>> > Xerte at lists.nottingham.ac.uk
>> > http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>
>
>
> --
> Matt Lingard,
> Educational Technology Consultant
> +44 (0)7801 276 559
> http://uk.linkedin.com/in/mattlingard
>
>
>
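The thread asks how the admin password could be stored in a form other than clear text. The sketch below is an added example, not part of the original messages and not Xerte's code: it checks a submitted password against a stored value that may still be legacy cleartext and returns a salted hash to write back after a successful login. It assumes PHP 5.6 or later (`password_hash`, `hash_equals`); the function names and the sample password are hypothetical.

```php
<?php
// Added example, not Xerte code. Function names are hypothetical.

/** True when the stored value is already password_hash() output. */
function is_hashed($stored)
{
    $info = password_get_info($stored);
    return !empty($info['algo']); // 0 or null means "not a recognised hash"
}

/**
 * Check a submitted admin password against the stored value.
 * Returns array($ok, $replacement); $replacement is a new hash the caller
 * should store in place of the old value, or null when nothing changes.
 */
function check_admin_password($submitted, $stored)
{
    $stored = (string) $stored;
    $submitted = (string) $submitted;
    if ($stored === '' || $submitted === '') {
        return array(false, null); // never accept an empty password
    }
    if (is_hashed($stored)) {
        $ok = password_verify($submitted, $stored);
        $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
        return array($ok, $stale ? password_hash($submitted, PASSWORD_DEFAULT) : null);
    }
    // Legacy cleartext value: constant-time compare, upgrade on success.
    $ok = hash_equals($stored, $submitted);
    return array($ok, $ok ? password_hash($submitted, PASSWORD_DEFAULT) : null);
}

// Constructed sample: a cleartext value as it might sit in the table today.
$stored = 'example-admin-pass';

list($ok, $new) = check_admin_password('example-admin-pass', $stored);
if ($ok && $new !== null) {
    $stored = $new; // the caller would write this back with a prepared UPDATE
}
var_dump($ok, is_hashed($stored));

// Later logins are verified against the hash only.
list($bad, $unused) = check_admin_password('wrong-guess', $stored);
list($good, $rehash) = check_admin_password('example-admin-pass', $stored);
var_dump($bad, $good, $rehash);
```

The column holding the value has to be wide enough for the hash; PHP's documentation recommends 255 characters so that future default algorithms still fit.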
