Note: You are currently viewing documentation for Moodle 2.9. Up-to-date documentation for the latest stable version of Moodle may be available here: Backup of user data.

Backup of user data: Difference between revisions

From MoodleDocs
(category, cap link)
m (added link to spanish translation of page)
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Moodle includes a feature that allows course backups to include user data (such as forum posts, glossary entries and so on).  To do this Moodle also includes the relevant user accounts as well, in order that data consistency can be maintained when the backup is restored on a different Moodle site.  Unfortunately, in the wrong hands, this feature can also cause a privacy leak and possible exploitation of the whole original site.
{{Security overview report}}[[Image:Backup of user data.png|thumb|Backup of user data report]]Moodle includes a feature that allows course backups to include user data (such as forum posts, glossary entries and so on).  To do this Moodle also includes the relevant user accounts as well, in order that data consistency can be maintained when the backup is restored on a different Moodle site.  Unfortunately, in the wrong hands, this feature can also cause a privacy leak and possible exploitation of the whole original site.


Since Moodle 1.9.7 and Moodle 1.8.11 there is a new capability to control the backup of user data [[Capabilities/moodle/backup:userinfo|moodle/backup:userinfo]], separate from the capability to backup courses.  By default this capability is disabled for all roles.
There is a capability to control the backup of user data [[Capabilities/moodle/backup:userinfo|moodle/backup:userinfo]], separate from the capability to backup courses.  By default this capability is allowed for the manager role only.


The security report contains a check for this, and will report on any roles or users that have this capability enabled.  Please make sure that you keep this capability only for people who really need it.
The [[Security overview|security overview report]] contains a check for this, and will report on any roles or users that have this capability enabled.  Please make sure that you keep this capability only for people who really need it.


Please also note that even if you trust all those users shown, you should make sure they are using very strong passwords (by setting a [[report/security/report_security_check_passwordpolicy|password policy]] for them), because those same capabilities become available to anyone who might crack their accounts.
Please also note that even if you trust all those users shown, you should make sure they are using very strong passwords (by setting a [[report/security/report_security_check_passwordpolicy|password policy]] for them), because those same capabilities become available to anyone who might crack their accounts.
:''Tip'': Glossary and database activity entries can easily be moved to a different course using the export and import entries feature without needing to backup user data. 


==See also==
==See also==
Line 11: Line 13:
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]


[[Category:Security]]
[[Category:Backup]]
[[Category:Backup]]
[[de:Nutzerdaten sichern]]
[[es:Respaldo de datos del usuario]]

Latest revision as of 23:18, 20 May 2013

Backup of user data report

Moodle includes a feature that allows course backups to include user data (such as forum posts, glossary entries and so on). To do this Moodle also includes the relevant user accounts as well, in order that data consistency can be maintained when the backup is restored on a different Moodle site. Unfortunately, in the wrong hands, this feature can also cause a privacy leak and possible exploitation of the whole original site.

There is a capability to control the backup of user data moodle/backup:userinfo, separate from the capability to backup courses. By default this capability is allowed for the manager role only.

The security overview report contains a check for this, and will report on any roles or users that have this capability enabled. Please make sure that you keep this capability only for people who really need it.

Please also note that even if you trust all those users shown, you should make sure they are using very strong passwords (by setting a password policy for them), because those same capabilities become available to anyone who might crack their accounts.

Tip: Glossary and database activity entries can easily be moved to a different course using the export and import entries feature without needing to backup user data.

See also