Commit 29ba20ac authored by Martin Dougiamas's avatar Martin Dougiamas
Browse files

backup/nopasswords MDL-20383 Backups are now never saved with user passwords...

backup/nopasswords MDL-20383 Backups are now never saved with user passwords unless the admin has defined $CFG->includeuserbackupsinpasswords in config.php  (Merged from 1.9)   Credits to Eloy
parent 34dff6aa
......@@ -1340,7 +1340,11 @@
fwrite ($bf,full_tag("POLICYAGREED",4,false,$user->policyagreed));
fwrite ($bf,full_tag("DELETED",4,false,$user->deleted));
fwrite ($bf,full_tag("USERNAME",4,false,$user->username));
fwrite ($bf,full_tag("PASSWORD",4,false,$user->password));
// Prevent user passwords in backup files unless
// $CFG->includeuserpasswordsinbackup is defined. MDL-20838
if (!empty($CFG->includeuserpasswordsinbackup)) {
fwrite ($bf,full_tag("PASSWORD",4,false,$user->password));
}
fwrite ($bf,full_tag("IDNUMBER",4,false,$user->idnumber));
fwrite ($bf,full_tag("FIRSTNAME",4,false,$user->firstname));
fwrite ($bf,full_tag("LASTNAME",4,false,$user->lastname));
......
......@@ -152,6 +152,13 @@ $CFG->admin = 'admin';
// Useful for webhost operators who have alternate methods of backups
// $CFG->disablescheduledbackups = true;
//
// Allow user passwords to be included in backup files. Very dangerous
// setting as far as it publishes password hashes that can be unencrypted
// if the backup file is publicy available. Use it only if you can guarantee
// that all your backup files remain only privacy available and are never
// shared out from your site/institution!
// $CFG->includeuserpasswordsinbackup = true;
//
// Prevent stats processing and hide the GUI
// $CFG->disablestatsprocessing = true;
//
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment