Project

General

Profile

Bug #378

Course with private access BUG

Added by Carlos Vargas about 10 years ago. Updated almost 10 years ago.

Status:
Feature implemented
Priority:
Normal
Category:
-
Target version:
Start date:
07/12/2009
Due date:
% Done:

100%

Estimated time:
Complexity:
Normal
SCRUM pts - complexity:
?

Description

It seems that when a course is marked as Private access (site accessible only to people on the user list) then its content is still publically accessible when the URL is known. This has far reaching consequences when the Dokeos installation is on a internet facing system and content could be spidered by Google. URLs will load regardless of the course being private.

an example of a presentation that showed up in google is:
http://<system>/main/document/showinframes.php?cidReq=<course>&file=<file>

I would expect that when a course is marked Private Access that not just the course homepage but all pages and content are inaccessible for everyone that is not on the userlist including anonymous visitors and spiders. It's then very disappointing that in our system this is not the case in 1.8.6. It is not on the changelog for 1.8.6.1 and not listed as a known issue.
To recreate the issue:

  • create a new course (or take an existing course) * add documents * modify it and mark it as private * add a document * open the document * launch the same url in a different browser (or logout and launch the url)

Result:
Content is readable (logged in as anonymous user)

Expected:
Access denied.

Also if the anonymous user is set inactive then the content can still be viewed.

Issue exist also for Closed courses that are Completely closed; the unit is only accessible to the unit admin.

Sent it by sander.vandragt
http://www.dokeos.com/forum/viewtopic.php?t=29720

History

#1

Updated by Carlos Vargas about 10 years ago

Actualizado por Julio Montoya hace alrededor de 1 mes

  • Tema changed from Private courses' content not private. to Course with private access BUG

#2
Actualizado por Yannick Warnier hace alrededor de 1 mes

Comment

This should only happen when there is no .htaccess in the courses/ directory or when .htaccess are not supported by the Apache installation. Please try on an .htaccess-enabled installation before delving more into it.

#2

Updated by Yannick Warnier almost 10 years ago

  • Target version changed from 1.8.6.2 alpha to 1.8.6.2 RC1
#3

Updated by Christian Alberto Fasanando Flores almost 10 years ago

  • Assignee set to Christian Alberto Fasanando Flores
#4

Updated by Christian Alberto Fasanando Flores almost 10 years ago

I try on an .htaccess-enabled installation it looks fine.

#5

Updated by Christian Alberto Fasanando Flores almost 10 years ago

  • Status changed from New to Feature implemented
  • % Done changed from 0 to 100

Also available in: Atom PDF