[Contrib: Evaluation System] Security issue: All templates are public
Aaron Zeckoski
azeckoski at unicon.net
Mon Apr 19 07:01:30 PDT 2010
I think this may be a security issue for some people but is desired
functionality for others. It depends on the usage of the system. This
is something we need at Cambridge for example and it is working as
designed from the Cambridge perspective. Perhaps this is more of a
feature request to make this behavior optional via a configuration
control.
-AZ
On Mon, Apr 19, 2010 at 2:39 PM, Sean DeMonner <demonner at umich.edu> wrote:
> If you suspect this issue may have security implications it's probably best
> to post it to security at sakaifoundation.org for review, not the open project
> list. For details see:
> http://confluence.sakaiproject.org/display/DOC/Security+Policy
>
> SMD.
>
> On Apr 19, 2010, at 5:06 AM, Lovemore Nalube wrote:
>
> Dear all,
>
> http://jira.sakaiproject.org/browse/EVALSYS-888
>
> I feel that this is a very serious issue. Please contribute your views on
> this in the Jira comments.
>
> I assume that because its a security issue we may not want to chat about it
> in the list.
>
> Thanks
>
>
> --
> Lovemore Nalube
> OLE Developer (Vula)
> University of Cape Town
> http://www.cet.uct.ac.za/LovemoreN
>
>
> ______________________________________________________________________________________________
>
> UNIVERSITY OF CAPE TOWN
>
> This e-mail is subject to the UCT ICT policies and e-mail disclaimer
> published on our website at
> http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27
> 21 650 4500. This e-mail is intended only for the person(s) to whom it is
> addressed. If the e-mail has reached you in error, please notify the author.
> If you are not the intended recipient of the e-mail you may not use,
> disclose, copy, redirect or print the content. If this e-mail is not related
> to the business of UCT it is sent by the sender in the sender's individual
> capacity.
>
> _____________________________________________________________________________________________________
>
> _______________________________________________
> evaluation mailing list
> evaluation at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/evaluation
>
> TO UNSUBSCRIBE: send email to evaluation-unsubscribe at collab.sakaiproject.org
> with a subject of "unsubscribe"
>
> SMD.
>
> ==========================================================
> Sean DeMonner, IT Senior Project Manager, CTools Implementation Group
> Digital Media Commons @ The Duderstadt Center, U-M (734) 615-9765
>
>
>
>
> _______________________________________________
> evaluation mailing list
> evaluation at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/evaluation
>
> TO UNSUBSCRIBE: send email to evaluation-unsubscribe at collab.sakaiproject.org
> with a subject of "unsubscribe"
>
--
Aaron Zeckoski - Software Engineer - http://tinyurl.com/azprofile
More information about the evaluation
mailing list