Note: You are currently viewing documentation for Moodle 2.3. Up-to-date documentation for the latest stable version is available here: Site policies.

Site policies: Difference between revisions

From MoodleDocs
(added template)
(updating info)
Line 1: Line 1:
{{Security}}
{{Security}}
{{Improve}}
Location: ''Settings > Site administration > Security > Site policies''


Location: ''Administration > Security > Site policies''
==Force users to login==


If you turn this setting on all users must login before they even see the [[Front Page]] of the site.
==Force users to login for profiles==
Leave this set to Yes to keep anonymous visitors away from user profiles.


==Open to Google==
==Open to Google==
Line 23: Line 28:
  max_execution_time = 600 ; Maximum execution time of each script, in seconds;
  max_execution_time = 600 ; Maximum execution time of each script, in seconds;


3. The Moodle site-wide maximum uploaded file size setting: ''Administration > Security > Site policies > Maximum uploaded file size [128M]''.
3. The Moodle site-wide maximum uploaded file size setting: ''Settings > Site administration > Security > Site policies > Maximum uploaded file size''.


4. The Moodle course maximum uploaded file size setting in the course settings: ''Administration > Courses > Add/Edit courses > select Course category & edit each course > Maximum upload size [128M]''.
4. The Moodle course maximum uploaded file size setting in the course settings: ''Settings > Site administration > Courses > Add/Edit courses > select Course category & edit each course > Maximum upload size''.


5. Certain course activity module settings (for example, Assignment)
5. Certain course activity module settings (for example, Assignment)


===See Also===
==User quota==
*[[File_upload_size | File Upload Size]]
 
==Enable messaging system==
 
Click the checkbox to enable site-wide [[Messaging]].
 
:''Note'': If you enable the messaging system, all users will be able to send and receive messages at any time. Teachers can't choose whether or not messaging is allowed between students in their particular course.
 
==Force users to login==
 
If you turn this setting on all users must login before they even see the [[Front Page]] of the site.  See [[Authentication]] for different ways of creating user accounts, needed for login.
 
Note:  While you may turn this setting on, if you have not disabled guest access to your site users will still have access to your Front Page through the Guest account.  More information on Guest access and how to enable/disable it can be found here: [https://docs.moodle.org/en/Guest_access Guest role].


==Force users to login for profiles==
The maximum number of bytes that a user can store in their own private files area.
 
Leave this set to Yes to keep anonymous visitors away from user profiles. (See the Using Moodle forum discussion [http://moodle.org/mod/forum/discuss.php?d=89061 3rd party spam exploit possible? Help please!].)


==Enable trusted content==
==Enable trusted content==


Please refer to [[Development:Trusttext cleaning bypass]] for further information.
By default Moodle will always thoroughly clean text that comes from users to remove any possible bad scripts, media etc that could be a security risk. The Trusted Content system is a way of giving particular users that you trust the ability to include these advanced features in their content without interference. To enable this system, you need to first enable this setting, and then grant the Trusted Content permission to a specific Moodle role. Texts created or uploaded by such users will be marked as trusted and will not be cleaned before display. Please refer to [[Development:Trusttext cleaning bypass]] for further information.


==Maximum time to edit posts==
==Maximum time to edit posts==
Line 68: Line 58:
:''Tips''  
:''Tips''  
:*It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
:*It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
:*If the front page of your site is [[Site_policies#Force_users_to_login|open to guests]] (i.e. not forcing everyone to log in before viewing the front page) then you can upload it to your site files area.
:*If the front page of your site is open to guests (i.e. not forcing everyone to log in before viewing the front page) then you can upload it to your site files area.
:*If you do force everyone to log in then you will need to upload it via FTP to another location; i.e. the root of your web server.
:*If you do force everyone to log in then you will need to upload it via FTP to another location; i.e. the root of your web server.
==Enable tags functionality==
Users may [[Tags|tag]] themselves and create interest pages around those tags.


==Keep tag name casing==
==Keep tag name casing==
Line 96: Line 82:
==Disable user profile images==
==Disable user profile images==


The ability for users to change their profile images may be disabled by checking the ''disableuserimages'' box.
The ability for users to change their [[User pictures|profile images]] may be disabled by checking the ''disableuserimages'' box.


==Email change confirmation==
==Email change confirmation==


A confirmation step is required for users to change their email address unless the ''emailchangeconfirmation'' box is unchecked.
A confirmation step is required for users to change their email address unless the ''emailchangeconfirmation'' box is unchecked.
==Enable notes==
[[Notes]] may be disabled.
== See also ==
*[[Administration FAQ]]
[[Category:Administrator]]
[[Category:Security]]


[[eu:Gunearen_politikak]]
[[eu:Gunearen_politikak]]

Revision as of 20:03, 3 October 2011

Location: Settings > Site administration > Security > Site policies

Force users to login

If you turn this setting on all users must login before they even see the Front Page of the site.

Force users to login for profiles

Leave this set to Yes to keep anonymous visitors away from user profiles.

Open to Google

Enabling this setting allows Google's search spiders guest access to your site. Any part of the site that allows guest access will then be searchable on Google. In addition, people coming in to your site via a Google search will automatically be logged in as a guest.

Maximum uploaded file size

Probably the most frequently asked question in the Moodle.org Using Moodle forums is "How do I increase the upload file size limit?"

Upload file sizes are restricted in a number of ways - each one in this list restricts the following ones:

1. The Apache server setting LimitRequestBody ... default in Apache 2.x or greater is set to 0 or an unlimited upload size

2. The PHP site settings post_max_size and upload_max_filesize in php.ini : modify php.ini in web server directories ( apache2.x.x/bin/php.ini ) not in php directories :

post_max_size = 128M;  to increase limit to 128 Megabytes;
upload_max_filesize = 128M;  to increase limit to 128 Megabytes;
max_execution_time = 600 ; Maximum execution time of each script, in seconds;

3. The Moodle site-wide maximum uploaded file size setting: Settings > Site administration > Security > Site policies > Maximum uploaded file size.

4. The Moodle course maximum uploaded file size setting in the course settings: Settings > Site administration > Courses > Add/Edit courses > select Course category & edit each course > Maximum upload size.

5. Certain course activity module settings (for example, Assignment)

User quota

The maximum number of bytes that a user can store in their own private files area.

Enable trusted content

By default Moodle will always thoroughly clean text that comes from users to remove any possible bad scripts, media etc that could be a security risk. The Trusted Content system is a way of giving particular users that you trust the ability to include these advanced features in their content without interference. To enable this system, you need to first enable this setting, and then grant the Trusted Content permission to a specific Moodle role. Texts created or uploaded by such users will be marked as trusted and will not be cleaned before display. Please refer to Development:Trusttext cleaning bypass for further information.

Maximum time to edit posts

This sets the editing time for forum postings. The editing time is the amount of time users have to change forum postings before they are mailed to subscribers.

Please refer to the forum discussions Editing a forum post after the 30 minutes deadline and The philosophy underlying "no editing after 30 minutes"

Allow extended characters in usernames

The default here, unchecked = unenabled, can only contain alphabetical letters in lowercase, numbers, hypen '-', underscore '_', period '.', or at sign '@'. If you enable this, it will be possible to have any characters for the username.

Site policy URL

If you have a site policy that all users must see and agree to before using this site, then specify the URL to it here, otherwise leave this field blank. The URL can point to anywhere, for example a file in the site files.

Tips
  • It is recommended that the site policy is on the same domain as Moodle to avoid the problem of Internet Explorer users seeing a blank screen when the site policy is on a different domain.
  • If the front page of your site is open to guests (i.e. not forcing everyone to log in before viewing the front page) then you can upload it to your site files area.
  • If you do force everyone to log in then you will need to upload it via FTP to another location; i.e. the root of your web server.

Keep tag name casing

If checked, then tags like the following will be displayed: SOCCER, gUiTaR, MacDonalds, music

If unchecked, then all tags will be displayed as follows: Soccer, Guitar, Macdonalds, Music

Tips:
  • For English, off is useful.
  • For Japanese, no changes are made either way.
  • For languages where this kind of capitalization changes the meaning, it is best to keep this option on.

Profiles for enrolled users only

To prevent misuse by spammers, profile descriptions of users who are not yet enrolled in any course are hidden. New users must enrol in at least one course before they can add a profile description.

Password policy

A password policy may be set up, ensuring users choose passwords of a certain length etc. The password policy is enabled by default in Moodle 1.9.7 (upgrades and new installs) onwards.

Disable user profile images

The ability for users to change their profile images may be disabled by checking the disableuserimages box.

Email change confirmation

A confirmation step is required for users to change their email address unless the emailchangeconfirmation box is unchecked.