Totara Learn Open Discussions

TL-20799 Added support for whitelisting of known trusted SCORM packages

 
Craig Eves
Re: TL-20799 Added support for whitelisting of known trusted SCORM packages
par Craig Eves (Totara Support), Sunday 16 October 2022, 16:19
Groupe Totara

Hi Emiliano

This feature was added in Totara 13 and doesn't appear to be documented - I will create a ticket to update the documentation.

This added two capabilities 

  • Upload a new unknown SCORM package ('mod/scorm:addnewpackage') - use unknown local SCORM package or change package URL/reference via standard  edit form
  • Manage list of known trusted SCORM packages ('mod/scorm:managetrustedpackages') - manage the list of known trusted packages

Only trusted users should be given the  mod/scorm:addnewpackage permission

The changes to the interface include

  1. New error messages in the module edit form - displayed when user adds unknown package without permissions
  2. New report source for listing of all used local package files - this can be used for non-security management purposes too
  3. New report source  Known trusted SCORM packages for listing and management of trusted content hashes - the main purpose is to allow removal of package trust
When upgrading from an site  < 13 the site admin needs to review/update existing roles with RISK_ALLOWXSS highlighted

On reading further it doesn't look like there is actually a whitelist to populate - the package needs to be uploaded by someone with mod/scorm:addnewpackage enabled

Regards