Note: You are currently viewing documentation for Moodle 2.0. Up-to-date documentation for the latest stable version is available here: Security recommendations.

Talk:Security recommendations

From MoodleDocs
Revision as of 14:45, 12 February 2006 by Jonathan Moore (talk | contribs)

Should this page deal with valid users as well? I'm talking about input sanitization, etc. For example, in my school's version of Moodle, I can craft some code that logs the user out as soon as they see my forum post. I suggest taking a look at MediaWiki's approach to code sanitizing. -- Tim McCormack is talk 12:45, 11 February 2006 (WST)

Tim, I believe what you are mentioning is actually related to the future development of Moodle code, or possibly and existing security bug? There is actually a lead Security Officer, Petr Škoda (skodak), who is charged with reviewing the security code. He would probably like to see an example of what you mentioned.