
Enhancing Plugin Security and Authorization: Important Suggestions for Consideration #23

Open
9D3F opened this issue Oct 11, 2023 · 2 comments

Comments

@9D3F

9D3F commented Oct 11, 2023

Dear @abias and @lucaboesch,

I hope this message finds you well. I'd like to share a suggestion for further enhancing the plugin in a more concrete manner:

I've noticed that there might be room for improvement in the authorization concept of the plugin. It would be great if we could enhance it to ensure better security. It's crucial to approach the design, description, and implementation of security-related features with utmost care since users tend to rely on them.

Currently, there seems to be an issue where teachers who don't have authorization can still remove the password for others, which ideally shouldn't be the case. Moreover, the lack of logging for these actions makes it difficult to trace any unauthorized changes.

Given our target audience, consisting of several thousand schools in Germany, these adjustments are vital for us to be able to fully utilize the plugin.

We genuinely appreciate your consideration of these suggestions. Thank you in advance for your attention and support.

@abias
Member

abias commented Oct 15, 2023

Hi @Thefieldman,

many thanks for taking the time to write your thoughts about this plugin down.

I've noticed that there might be room for improvement in the authorization concept of the plugin. It would be great if we could enhance it to ensure better security. It's crucial to approach the design, description, and implementation of security-related features with utmost care since users tend to rely on them.

Well, I would like to point out that this plugin is called 'password', but its main design principle was to allow teachers to protect individual course activities with additional secrets - in addition to a course enrolment secret.
The plugin does not have the ambition to be a bulletproof solution for all usage scenarios which you can think of when you think of a 'password'.

Currently, there seems to be an issue where teachers who don't have authorization can still remove the password for others, which ideally shouldn't be the case. Moreover, the lack of logging for these actions makes it difficult to trace any unauthorized changes.

If you could give clear steps to reproduce for this situation, I would be grateful.
But as far as I understand, you want to say that there are two teachers A and B enrolled in a course, right? Teacher A knows the password to a password-protected activity and teacher B does not know the password and should not have access to that password-protected activity? But, in this case, teacher B still can remove the password protection and can still access the activity?
In this case, I can only say that teachers are teachers and have, by design of the teacher role, access to all course activities - regardless of which availability conditions are added to activities.

Given our target audience, consisting of several thousand schools in Germany, these adjustments are vital for us to be able to fully utilize the plugin.

I fully understand your expectations. But this plugin is a community project. If you have such a large audience / clientele, please feel encouraged to spend some more time to explain your needs and, ideally, contribute code to fulfil the needs in the end.

Cheers,
Alex

@9D3F
Author

9D3F commented Oct 16, 2023

Hello Alex,

thank you for your quick response. I really appreciate your work on this plugin and don't want to do you any injustice. I understand that you developed the plugin for a specific purpose and think that the use case I described is very specific and may be rare.

In my opinion, the plugin is very successful and, among other things, makes a successful contribution to gamification!

Cheers
Dominic
