New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publicly Listing of all test attempts with IP included #4183
Comments
I want to know too the correct settings to change this. But, you can do the bad way. |
@sasnycon here: https://github.com/chamilo/chamilo-lms/blob/1.11.x/main/exercise/overview.php#L313 Could you explain why this is an issue in your case ? Would removing this column automatically in all courses marked "public" be the right solution ? Or should we rather check whether the user taking the test is an anonymous (non identified) user ? (trying to find what is the best solution with a practical case) |
I mean I need a little more info, because maybe it is an issue to store this IP in the database in the first place, but I'm not sure what your use case is... Is it related to GDPR or something else ? |
Hi, ywarnier, Thank you for your reply. I will try to give as much information as I can. Please find my answers below: Q: Could you explain why this is an issue in your case ? Q: Would removing this column automatically in all courses marked "public" be the right solution ? Or should we rather check whether the user taking the test is an anonymous (non identified) user ? (trying to find what is the best solution with a practical case) Q: Is it related to GDPR or something else ? |
Thank you for the extra info. It helps understand how to better fix this. Just so you know, there is a quick-fix mechanism to show this history based on cookies: you have to create more anonymous users (it's a bit tricky as you have to create normal users, than change their "status" to 6 in the database, but it's not that complex). If there are more than one anonymous users, then Chamilo will naturally "attach" each new anonymous user to an anonymous account and only show them their own history. This has a limit, though: as soon as you don't have enough anonymous users in the database to match new users connecting without logging in, it will start picking in the list of previous anonymous users and attach the new user to one of these (and show the corresponding history). Anyway, we are left with the task to automatically hide this IP address when ay anonymous user looks at the history of previous attempts. |
Hy Guys, |
You can track this elsewhere (fail2ban i.e.). But nevermind... |
To collect data and to make it publicly visible are 2 completely different things. |
Exercise - Hide column IP when user is anonymous in overview page #4183
@sasnycon Not sure how familiar your are with testing code changes sent through Git, but we'd love your feedback on the changes mentioned above, that should hide the IPs when users are anonymous, and show them only to the corresponding users. Otherwise we'll just consider it fixed as our internal testing suggests. |
This has nothing to do with the logs. It;s regarding sharing IPs to everyone in public. It's an information that admins should not share anyway by any security standards. |
I can't test it as I ave already changed the code manually as per the initial suggestion. |
Describe
All test attempts of non logged users are listed publicly with included IP address. There is not way to disable this or at least I can't find one.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
You should not see the IP of the other people that are attempting the test.
Screenshots
Desktop (please complete the following information):
**Server
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: