Student Content visible from google search.
Bug #82908 reported by
Jason Straw
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
CanDo |
Invalid
|
Critical
|
Paul Carduner | ||
2007 |
Invalid
|
Undecided
|
Unassigned | ||
SchoolTool |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When searching google for a students name, we were able to bring up their journal and schedule in cando without logging in. More research will be done after our meetings today to confirm and track what is available.
(Was done on Arlington Careercenter's public CanDo 06, I'll send more sensitive details in an email to Paul Carduner)
Changed in cando: | |
assignee: | nobody → paulcarduner |
importance: | Undecided → Critical |
status: | Unconfirmed → Confirmed |
Changed in schooltool: | |
status: | New → Invalid |
To post a comment you must log in.
This can be fixed *temporarily* by unchecking the "everyone can see
info of persons" checkbox in the access control page. Some pages in
CanDo require this box to be checked to work properly, but the whole
thing should just be changed from everyone to authenticated users. I
will make the change today.
- Paul
On 2/2/07, Jason Straw <email address hidden> wrote: /launchpad. net/bugs/ 82908
> Private bug reported:
>
> When searching google for a students name, we were able to bring up
> their journal and schedule in cando without logging in. More research
> will be done after our meetings today to confirm and track what is
> available.
>
> (Was done on Arlington Careercenter's public CanDo 06, I'll send more
> sensitive details in an email to Paul Carduner)
>
> ** Affects: cando (upstream)
> Importance: Critical
> Assignee: pcardune
> Status: Confirmed
>
> ** Changed in: cando (upstream)
> Importance: Undecided => Critical
> Assignee: (unassigned) => pcardune
> Status: Unconfirmed => Confirmed
> Target: None => cando2006
>
> --
> Student Content visible from google search.
> https:/
>