From 29ba20ac0414bfe913d4501de3df6853d20a0fc6 Mon Sep 17 00:00:00 2001 From: Martin Dougiamas Date: Tue, 17 Nov 2009 05:58:24 +0000 Subject: [PATCH] backup/nopasswords MDL-20383 Backups are now never saved with user passwords unless the admin has defined $CFG->includeuserbackupsinpasswords in config.php (Merged from 1.9) Credits to Eloy --- backup/backuplib.php | 6 +++++- config-dist.php | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/backup/backuplib.php b/backup/backuplib.php index ead2f318b2..25909933a3 100644 --- a/backup/backuplib.php +++ b/backup/backuplib.php @@ -1340,7 +1340,11 @@ fwrite ($bf,full_tag("POLICYAGREED",4,false,$user->policyagreed)); fwrite ($bf,full_tag("DELETED",4,false,$user->deleted)); fwrite ($bf,full_tag("USERNAME",4,false,$user->username)); - fwrite ($bf,full_tag("PASSWORD",4,false,$user->password)); + // Prevent user passwords in backup files unless + // $CFG->includeuserpasswordsinbackup is defined. MDL-20838 + if (!empty($CFG->includeuserpasswordsinbackup)) { + fwrite ($bf,full_tag("PASSWORD",4,false,$user->password)); + } fwrite ($bf,full_tag("IDNUMBER",4,false,$user->idnumber)); fwrite ($bf,full_tag("FIRSTNAME",4,false,$user->firstname)); fwrite ($bf,full_tag("LASTNAME",4,false,$user->lastname)); diff --git a/config-dist.php b/config-dist.php index aa09536590..336b6626b3 100644 --- a/config-dist.php +++ b/config-dist.php @@ -152,6 +152,13 @@ $CFG->admin = 'admin'; // Useful for webhost operators who have alternate methods of backups // $CFG->disablescheduledbackups = true; // +// Allow user passwords to be included in backup files. Very dangerous +// setting as far as it publishes password hashes that can be unencrypted +// if the backup file is publicy available. Use it only if you can guarantee +// that all your backup files remain only privacy available and are never +// shared out from your site/institution! +// $CFG->includeuserpasswordsinbackup = true; +// // Prevent stats processing and hide the GUI // $CFG->disablestatsprocessing = true; // -- 2.39.5