UDOIT Advantage says it recently had errors that first added special file permissions, then removed all special file permissions from pages it fixed. Could someone please check my understanding of this error and/or share how you're handling it?
Details - may be a fairly narrow problem?
- It appears to me that they're talking about "files" as the stuff NOT native to Canvas; so essentially download links or links to things that show up in a file reader.
- It also seems like at the end of March Canvas plans to phase out the use of verifier parameters for file downloads. Therefore, it seems like any security loophole will close at by the end of march if we do nothing. (Am I understanding the deploy correctly?)
Possible procedure
I think this implies two things:
- Instructors only possibly have a problem if they have course / user files they want to keep hidden, but they linked to them somewhere. Those are the only links they'd need to check, and remove any verifier parameters they find.
- Further, they do not need to check links that are in course materials that they did not change with UDOIT, if they know that for sure.
- After this fix, the only people who will have problems are those who WANT to create links with verifier parameters and still use UDOIT.
- I'm not finding instructions for how to create such links so I can test them. Is there a way? How common is this?
- It seems like it may not be an issue after the March 25 Canvas deploy, which means that verifier parameters no longer work. (if I interpret that right.
If my understanding is correct, we could tell instructors that they only need to check a narrow range of links (as in point 1 above) and that they only need to worry going forward if they want to link to files that are not otherwise available.
Thanks!
Betsy
