← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #00408

[Bug 594891] Re: Adding internal authinstance as parent of xmlrpc allows login to existing accounts without a password

  Thread PreviousDate PreviousThread Next 
** Changed in: mahara/1.0
       Status: Fix Committed => Fix Released

** Visibility changed to: Public

-- 
Adding internal authinstance as parent of xmlrpc allows login to existing accounts without a password
https://bugs.launchpad.net/bugs/594891
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Fix Released
Status in Mahara 1.0 series: Fix Released
Status in Mahara 1.1 series: Fix Released

Bug description:
Date: Tue, 15 Jun 2010 08:32:20 +0200
Subject: URGENT: SSO from Moodle to Mahara
From: Gregor Anzelj <gregor.anzelj@xxxxxxxxx>
...

As you suggested, I've added internal as a parent to xmlrpc.

I couldn't log in with my username/password from Moodle. Upon inspection od
database I've discovered that the records for the users, that were added to
mhr_usr table contained only their usernames, but no passwords. So I could
login as any user (from Moodle) just by typing their username...

I think that the password should be also added when creating records in
table mhr_usr. What do you think?

Regards, Gregor

P.S. I can file a bug, but I wanted to contact you first...

--
----------
Gregor Anzelj, prof.
Gimnazija Ledina, Ljubljana
  Thread PreviousDate PreviousThread Next