[Contrib: Evaluation System] Security issue: All templates are public

Mon Apr 19 07:19:50 PDT 2010

Probably not. I wasn't involved in the decision making. Someone else
may be able to provide that information.
-AZ


On Mon, Apr 19, 2010 at 3:07 PM, May, Megan Marie <mmmay at indiana.edu> wrote:
> Could you explain the business process that makes this desired functionality?
>
> Thanks!
> Megan
>
> -----Original Message-----
> From: evaluation-bounces at collab.sakaiproject.org [mailto:evaluation-bounces at collab.sakaiproject.org] On Behalf Of Aaron Zeckoski
> Sent: Monday, April 19, 2010 10:02 AM
> To: Sean DeMonner
> Cc: evaluation at collab.sakaiproject.org
> Subject: Re: [Contrib: Evaluation System] Security issue: All templates are public
>
> I think this may be a security issue for some people but is desired
> functionality for others. It depends on the usage of the system. This
> is something we need at Cambridge for example and it is working as
> designed from the Cambridge perspective. Perhaps this is more of a
> feature request to make this behavior optional via a configuration
> control.
>
> -AZ
>
>
> On Mon, Apr 19, 2010 at 2:39 PM, Sean DeMonner <demonner at umich.edu> wrote:
>> If you suspect this issue may have security implications it's probably best
>> to post it to security at sakaifoundation.org for review, not the open project
>> list. For details see:
>> http://confluence.sakaiproject.org/display/DOC/Security+Policy
>>
>> SMD.
>>
>> On Apr 19, 2010, at 5:06 AM, Lovemore Nalube wrote:
>>
>> Dear all,
>>
>> http://jira.sakaiproject.org/browse/EVALSYS-888
>>
>> I feel that this is a very serious issue. Please contribute your views on
>> this in the Jira comments.
>>
>> I assume that because its a security issue we may not want to chat about it
>> in the list.
>>
>> Thanks
>>
>>
>> --
>> Lovemore Nalube
>> OLE Developer (Vula)
>> University of Cape Town
>> http://www.cet.uct.ac.za/LovemoreN
>>
>>
>> ______________________________________________________________________________________________
>>
>> UNIVERSITY OF CAPE TOWN
>>
>> This e-mail is subject to the UCT ICT policies and e-mail disclaimer
>> published on our website at
>> http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27
>> 21 650 4500. This e-mail is intended only for the person(s) to whom it is
>> addressed. If the e-mail has reached you in error, please notify the author.
>> If you are not the intended recipient of the e-mail you may not use,
>> disclose, copy, redirect or print the content. If this e-mail is not related
>> to the business of UCT it is sent by the sender in the sender's individual
>> capacity.
>>
>> _____________________________________________________________________________________________________
>>
>> _______________________________________________
>> evaluation mailing list
>> evaluation at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/evaluation
>>
>> TO UNSUBSCRIBE: send email to evaluation-unsubscribe at collab.sakaiproject.org
>> with a subject of "unsubscribe"
>>
>> SMD.
>>
>> ==========================================================
>> Sean DeMonner, IT Senior Project Manager, CTools Implementation Group
>> Digital Media Commons @ The Duderstadt Center, U-M      (734) 615-9765
>>
>>
>>
>>
>> _______________________________________________
>> evaluation mailing list
>> evaluation at collab.sakaiproject.org
>> http://collab.sakaiproject.org/mailman/listinfo/evaluation
>>
>> TO UNSUBSCRIBE: send email to evaluation-unsubscribe at collab.sakaiproject.org
>> with a subject of "unsubscribe"
>>
>
>
>
> --
> Aaron Zeckoski - Software Engineer - http://tinyurl.com/azprofile
> _______________________________________________
> evaluation mailing list
> evaluation at collab.sakaiproject.org
> http://collab.sakaiproject.org/mailman/listinfo/evaluation
>
> TO UNSUBSCRIBE: send email to evaluation-unsubscribe at collab.sakaiproject.org with a subject of "unsubscribe"
>


-- 
Aaron Zeckoski - Software Engineer - http://tinyurl.com/azprofile