[Xerte-dev] Re: Possible Xerte Security Error?

Julian Tenney Julian.Tenney at nottingham.ac.uk
Wed Apr 17 10:11:40 BST 2013


Hi,

I can find in our code that error: it gets thrown when the LDAP server is available, but the supplied credentials are incorrect. It's not that you've done anything wrong, the user has typed incorrect  information.

Also, to see the information, they must have _debug turned on. That is done in config.php, I think, chaps? If it is turned on, you should turn it off,

Julian


From: John Pettifor [mailto:jpettifor at youngepilepsy.org.uk]
Sent: 16 April 2013 09:28
To: 'is-learning-team at nottingham.ac.uk'
Subject: Possible Xerte Security Error?

I hope this is the right place to direct this.

We have a local Xerte Site installation with LDAP authentication. Yesterday one of our users reported an error as below:

Issue connecting to ldap server (#2) : Binding. YYYYYYY at ncype.org.uk<mailto:sweepsvc at ncype.org.uk> : :XXXXXXXX:
Y = Administrative User name used to sweep the Active Directory
X = Password for the above account

Both of these were obviously displayed in plain text. The user who viewed the account was a regular domain user.

Was this something we have done in error?

Regards,
John Pettifor
Media/ILT Technician & STTCT Project Coordinator
Young Epilepsy, St Piers Lane, Lingfield, Surrey RH7 6PW
T 01342 832243 (Ext. 438) M 07807916858  E: jpettifor at youngepilepsy.org.uk<mailto:jmorris at youngepilepsy.org.uk> Skype: PettiforJohn

youngepilepsy.org.uk
Young Epilepsy Helpline 01342 831342  or helpline at youngepilepsy.org.uk<mailto:helpline at youngepilepsy.org.uk>


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Young Epilepsy is the operating name of the National Centre for Young People with Epilepsy (NCYPE), St Piers Lane, Lingfield, Surrey RH7 6PW. Tel: 01342 832 243. Fax: 01342 834 639. www.youngepilepsy.org.uk<http://www.youngepilepsy.org.uk>

Registered Charity No. 311877



The information contained in or attached to this email is confidential and only intended for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient any reading, printing, storage, disclosure, copying or any other action taken in respect of this e-mail is prohibited and may be unlawful. If you have received this email in error, please notify the sender immediately by using the reply function and then permanently delete what you have received.



The views expressed in this email may not necessarily reflect the views or policies of Young Epilepsy.



Internet email is not a secure medium. Emails sent via the internet could be intercepted and read by someone else. Please bear that in mind when deciding whether to send material to Young Epilepsy. You have a responsibility to ensure laws are not broken when composing or forwarding emails and their contents.



All emails and attachments sent and received by Young Epilepsy employees are stored by a forensic compliance system and are monitored to ensure the effective operation of the system and for other lawful purposes.



Although Young Epilepsy operates anti-virus programmes, it does not accept any responsibility for any damage whatsoever that is caused by viruses being passed.




+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Young Epilepsy is the operating name of the National Centre for Young People with Epilepsy (NCYPE), St Piers Lane, Lingfield, Surrey RH7 6PW. Tel: 01342 832 243. Fax: 01342 834 639. www.youngepilepsy.org.uk<http://www.youngepilepsy.org.uk>

Registered Charity No. 311877



The information contained in or attached to this email is confidential and only intended for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient any reading, printing, storage, disclosure, copying or any other action taken in respect of this e-mail is prohibited and may be unlawful. If you have received this email in error, please notify the sender immediately by using the reply function and then permanently delete what you have received.



The views expressed in this email may not necessarily reflect the views or policies of Young Epilepsy.



Internet email is not a secure medium. Emails sent via the internet could be intercepted and read by someone else. Please bear that in mind when deciding whether to send material to Young Epilepsy. You have a responsibility to ensure laws are not broken when composing or forwarding emails and their contents.



All emails and attachments sent and received by Young Epilepsy employees are stored by a forensic compliance system and are monitored to ensure the effective operation of the system and for other lawful purposes.



Although Young Epilepsy operates anti-virus programmes, it does not accept any responsibility for any damage whatsoever that is caused by viruses being passed.




+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Young Epilepsy is the operating name of the National Centre for Young People with Epilepsy (NCYPE), St Piers Lane, Lingfield, Surrey RH7 6PW. Tel: 01342 832 243. Fax: 01342 834 639. www.youngepilepsy.org.uk<http://www.youngepilepsy.org.uk>

Registered Charity No. 311877



The information contained in or attached to this email is confidential and only intended for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient any reading, printing, storage, disclosure, copying or any other action taken in respect of this e-mail is prohibited and may be unlawful. If you have received this email in error, please notify the sender immediately by using the reply function and then permanently delete what you have received.



The views expressed in this email may not necessarily reflect the views or policies of Young Epilepsy.



Internet email is not a secure medium. Emails sent via the internet could be intercepted and read by someone else. Please bear that in mind when deciding whether to send material to Young Epilepsy. You have a responsibility to ensure laws are not broken when composing or forwarding emails and their contents.



All emails and attachments sent and received by Young Epilepsy employees are stored by a forensic compliance system and are monitored to ensure the effective operation of the system and for other lawful purposes.



Although Young Epilepsy operates anti-virus programmes, it does not accept any responsibility for any damage whatsoever that is caused by viruses being passed.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130417/f8d016cd/attachment-0001.html>


More information about the Xerte-dev mailing list