Closed GoogleCodeExporter closed 8 years ago
Hi,
Thank you very much for your detailed analysis and description on this.
We will not address this because although the scenarios you describe exist,
they exist at a permission level of the Course Author who intentionally has
broad powers (like a webmaster). That is, even if these scenarios were closed
on our side, the Course Author / Admin can create arbitrary new pages and
create more vectors of his choosing.
Students are protected from each other since they do not enjoy this permission
level. However, students can't be protected from a malicious Course Author,
like unsuspecting users aren't protected from a malicious website (unless
through third-party means).
Thanks again for taking the time!
Original comment by r...@google.com
on 17 Oct 2014 at 5:12
Original issue reported on code.google.com by
rfletch....@gmail.com
on 10 Sep 2014 at 3:35