Talk:Security: Difference between revisions
From MoodleDocs
(what about user input?) |
No edit summary |
||
| Line 1: | Line 1: | ||
Should this page deal with valid users as well? I'm talking about input sanitization, etc. For example, in my school's version of Moodle, I can craft some code that logs the user out as soon as they see my forum post. I suggest taking a look at MediaWiki's approach to code sanitizing. -- [[User:Phyzome|Phyzome]] is [[User talk:Phyzome|Tim McCormack]] 12:45, 11 February 2006 (WST) | Should this page deal with valid users as well? I'm talking about input sanitization, etc. For example, in my school's version of Moodle, I can craft some code that logs the user out as soon as they see my forum post. I suggest taking a look at MediaWiki's approach to code sanitizing. -- [[User:Phyzome|Phyzome]] is [[User talk:Phyzome|Tim McCormack]] 12:45, 11 February 2006 (WST) | ||
Tim, I believe what you are mentioning is actually related to the future development of Moodle code, or possibly and existing security bug? There is actually a lead Security Officer, Petr Škoda (skodak), who is charged with reviewing the security code. He would probably like to see an example of what you mentioned. | |||
Revision as of 14:45, 12 February 2006
Should this page deal with valid users as well? I'm talking about input sanitization, etc. For example, in my school's version of Moodle, I can craft some code that logs the user out as soon as they see my forum post. I suggest taking a look at MediaWiki's approach to code sanitizing. -- Tim McCormack is talk 12:45, 11 February 2006 (WST)
Tim, I believe what you are mentioning is actually related to the future development of Moodle code, or possibly and existing security bug? There is actually a lead Security Officer, Petr Škoda (skodak), who is charged with reviewing the security code. He would probably like to see an example of what you mentioned.
