Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69247

Check that everyone doesn't have the same lastip address

XMLWordPrintable

    • MOODLE_310_STABLE, MOODLE_39_STABLE

      Found as part of MDL-69074

      Default installed now have a more secure setting, in theory, but a narrow value for getremoteaddrconf is just as insecure as a wide value because everyone will end up with the same ip.

      So proposing to improve the getremoteaddrconf by looking at the last N users who logged and seeing if they share the same ip address, and if there is a very high degree of overlap that is a heuristic that the setting is wrong.

      There are some use cases like labs and exams where lots of people will legitimately have the same ip so this can never be perfect.

        SELECT count(*), lastip
      		 
          FROM (
      		 
                   SELECT lastip
      		 
                     FROM {user}
      		 
                 ORDER BY lastlogin DESC limit 1000
      		 
               ) AS ips
      		 
      GROUP BY lastip
      		 
      ORDER BY count(*) DESC, lastip

            Unassigned Unassigned
            brendanheywood Brendan Heywood
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.