  1. Moodle
  2. MDL-59737

Moodle backups should use a non existent domain when anonymizing users


    • Bug
    • Resolution: Fixed
    • Minor
    • 3.2.5, 3.3.2
    • 3.3.1
    • Backup
    • MOODLE_33_STABLE
    • MOODLE_32_STABLE, MOODLE_33_STABLE
    • MDL-59737_master
      Test 1
      1. Before patch
      2. Create a course with a few activities.
      3. Enrol a user as a student.
      4. Create a backup with 'users', 'anonymize users' and 'user data' (for all activities) selected.
      5. Restore this course, creating a new course and including the user data.
      6. Restore the course a second time, again creating a new course and including the user data.
      7. Upgrade
      8. Restore the backup you created and ensure all is fine, without any complaints about user conflicts. Any activities with user data should still have that data, but the users should all be anonymised versions.
      Test 2
      1. Create a course with a few activities.
      2. Enrol a user as a student.
      3. Create a backup with 'users', 'anonymize users' and 'user data' (for all activities) selected.
      4. Restore this course, creating a new course and including the user data.
      5. Restore the course a second time, again creating a new course and including the user data and ensure all is fine, without any complaints about user conflicts. Any activities with user data should still have that data, but the users should all be anonymised versions.

      Currently it changes the email address to be anonx@doesntexist.com, where x is a numerical counting id.

      doesntexist.com is a real domain and appears to be registered to dyndns (at least from my amateur sleuthing).

      Instead, something like anonx@moodle.invalid should be used, as it is less likely to ever be a domain: .invalid is reserved by RFC 2606 for use as an obvious example of an invalid domain.
      There could be a theoretical attack where the domain owner lets the domain expire and a malicious actor picks up the domain, sets up a catchall email address and attempts to reset passwords for the restored accounts.
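
A check in the spirit of the report above, as an added example that is not Moodle code and not part of the original issue: it scans user records for addresses of the anonN@domain shape whose domain is not reserved by RFC 2606, which is how accounts restored before the fix can be located. The record layout, function names and sample rows are assumptions constructed for illustration.

```python
import re

# Reserved by RFC 2606: these TLDs and second-level names are never delegated
# to a registrant, so mail sent to them cannot reach a third party.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_DOMAINS = {"example.com", "example.net", "example.org"}

# Address shape the issue describes: "anon" + numeric counter + "@" + domain.
ANON_EMAIL = re.compile(r"^anon(\d+)@([^@\s]+)$", re.IGNORECASE)


def is_reserved_domain(domain):
    """True if domain is, or is a subdomain of, an RFC 2606 reserved name."""
    labels = domain.lower().rstrip(".").split(".")
    if labels[-1] in RESERVED_TLDS:
        return True
    return ".".join(labels[-2:]) in RESERVED_DOMAINS


def find_risky_anon_accounts(users):
    """Return (id, email) for anonymised-looking accounts on a registrable domain.

    `users` is an iterable of (id, email) pairs (assumed export format).
    """
    risky = []
    for user_id, email in users:
        match = ANON_EMAIL.match(email.strip())
        if match and not is_reserved_domain(match.group(2)):
            risky.append((user_id, email.strip()))
    return risky


# Constructed sample rows (not real data).
SAMPLE_USERS = [
    (101, "anon1@doesntexist.com"),    # address form used before the fix
    (102, "anon2@moodle.invalid"),     # form suggested in the issue
    (103, "teacher@school.example"),   # ordinary account, not anonymised
    (104, "ANON17@DoesntExist.com "),  # case and whitespace variant
    (105, "anon3@example.org"),        # reserved second-level domain
]

if __name__ == "__main__":
    for user_id, email in find_risky_anon_accounts(SAMPLE_USERS):
        print(f"user {user_id}: {email} is on a registrable domain")
```
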

            markn Mark Nelson
            devinefran Francis Devine
            Jun Pataleta
            Andrew Lyons
            David Mudrák (@mudrd8mz)