Course with private access BUG
It seems that when a course is marked as Private access (site accessible only to people on the user list) then its content is still publically accessible when the URL is known. This has far reaching consequences when the Dokeos installation is on a internet facing system and content could be spidered by Google. URLs will load regardless of the course being private.
an example of a presentation that showed up in google is:
I would expect that when a course is marked Private Access that not just the course homepage but all pages and content are inaccessible for everyone that is not on the userlist including anonymous visitors and spiders. It's then very disappointing that in our system this is not the case in 1.8.6. It is not on the changelog for 188.8.131.52 and not listed as a known issue.
To recreate the issue:
- create a new course (or take an existing course) * add documents * modify it and mark it as private * add a document * open the document * launch the same url in a different browser (or logout and launch the url)
Content is readable (logged in as anonymous user)
Also if the anonymous user is set inactive then the content can still be viewed.
Issue exist also for Closed courses that are Completely closed; the unit is only accessible to the unit admin.
Sent it by sander.vandragt
Updated by Carlos Vargas over 10 years ago
Actualizado por Julio Montoya hace alrededor de 1 mes
- Tema changed from Private courses' content not private. to Course with private access BUG
Actualizado por Yannick Warnier hace alrededor de 1 mes
This should only happen when there is no .htaccess in the courses/ directory or when .htaccess are not supported by the Apache installation. Please try on an .htaccess-enabled installation before delving more into it.