Totara Learn Open Discussions

TL-20799 Added support for whitelisting of known trusted SCORM packages

 
Emiliano Gonzalez
TL-20799 Added support for whitelisting of known trusted SCORM packages
by Emiliano Gonzalez - Sunday, 16 October 2022, 3:13 PM
Group PartnersGroup TXP Site Administrator

Hello, I'm trying to find more information about this capability in Totara Learn 16, but I couldn't find anything on the Documentation. 

Can anyone please tell me how can I whitelist trusted Scorm packages?  

Thanks! 

Emiliano

Tags:
 
Permalink | Reply
Craig Eves
Re: TL-20799 Added support for whitelisting of known trusted SCORM packages
by Craig Eves (Totara Support) - Sunday, 16 October 2022, 4:19 PM
Group Totara

Hi Emiliano

This feature was added in Totara 13 and doesn't appear to be documented - I will create a ticket to update the documentation.

This added two capabilities 

  • Upload a new unknown SCORM package ('mod/scorm:addnewpackage') - use unknown local SCORM package or change package URL/reference via standard  edit form
  • Manage list of known trusted SCORM packages ('mod/scorm:managetrustedpackages') - manage the list of known trusted packages

Only trusted users should be given the  mod/scorm:addnewpackage permission

The changes to the interface include

  1. New error messages in the module edit form - displayed when user adds unknown package without permissions
  2. New report source for listing of all used local package files - this can be used for non-security management purposes too
  3. New report source  Known trusted SCORM packages for listing and management of trusted content hashes - the main purpose is to allow removal of package trust
When upgrading from an site  < 13 the site admin needs to review/update existing roles with RISK_ALLOWXSS highlighted

On reading further it doesn't look like there is actually a whitelist to populate - the package needs to be uploaded by someone with mod/scorm:addnewpackage enabled

Regards


 
Permalink | Show parent | Reply