「セキュリティFAQ」の版間の差分

提供:MoodleDocs
移動先:案内検索
(ページの作成: 作成中です - ~~~~ ==How do I report a security issue?== Please "Create a new issue" in the [http://tracker.moodle.org Moodle Tracker] describing the problem (and solution ...)
 
編集の要約なし
1行目: 1行目:
作成中です - [[利用者:Mitsuhiro Yoshida|Mitsuhiro Yoshida]] 2009年10月4日 (日) 17:38 (UTC)
作成中です - [[利用者:Mitsuhiro Yoshida|Mitsuhiro Yoshida]] 2009年10月4日 (日) 17:38 (UTC)


==How do I report a security issue?==
==セキュリティに関する問題を、どのように報告すればよいですか?==


Please "Create a new issue" in the [http://tracker.moodle.org Moodle Tracker] describing the problem (and solution if possible) in detail. Make sure you set the Security Level accurately to make sure that the security team sees it. Bugs classified as a "Serious security issue" will be hidden from the general public until the security team (led by Petr Skoda) is able to resolve it and publish fixes to registered Moodle sites (see below).
問題の詳細 (可能であれば解決策も) を記述した上で、[http://tracker.moodle.org Moodle Tracker]に報告してください。セキュリティチームが確認できるよう、報告時は、セキュリティレベルを正確に設定してください。Bugs classified as a "Serious security issue" will be hidden from the general public until the security team (led by Petr Skoda) is able to resolve it and publish fixes to registered Moodle sites (see below).


==How can I keep my site secure?==
==How can I keep my site secure?==

2009年10月5日 (月) 18:49時点における版

作成中です - Mitsuhiro Yoshida 2009年10月4日 (日) 17:38 (UTC)

セキュリティに関する問題を、どのように報告すればよいですか?

問題の詳細 (可能であれば解決策も) を記述した上で、Moodle Trackerに報告してください。セキュリティチームが確認できるよう、報告時は、セキュリティレベルを正確に設定してください。Bugs classified as a "Serious security issue" will be hidden from the general public until the security team (led by Petr Skoda) is able to resolve it and publish fixes to registered Moodle sites (see below).

How can I keep my site secure?

  • The usual way is to update your whole Moodle to the latest stable release of the version you are using. It is very safe to go from 1.8.1 to 1.8.2+, for example, at any time. CVS is a very easy way to do this.
  • Many of the notices will include patch information. If you are fairly confident with editing scripts, then it may be easier for you to just patch the affected file.

How do I keep track of recent security issues?

  • Register your Moodle sites with moodle.org (visit admin/index.php in your installation to see the registration button), making sure to enable the option of being notified about security issues and updates. After your registration is accepted, your email address will be automatically added to our low-volume securityalerts mailing list.
  • Eventually, all important security issues are published to the general public via the Moodle Security forum. You can subscribe to the forum RSS feed to automatically add new issues in your favourite feed reader or portal.

Which versions of Moodle are supported?

  • All versions available for download from download.moodle.org (1.6, 1.7, 1.8 and 1.9) are supported.
  • The latest development branch of Moodle is not intended for production use and while security problems are fixed, security announcements are not issued. If you are using the development branch for testing or evaluation, we assume that you will update your code regularly.
  • Our security officer Petr Škoda oversees the security of the code found in the standard Moodle distribution. The security of contributed code lies with the individual maintainers.

My site was hacked. What do I do?

See Hacked site recovery.

How can I reduce spam in Moodle?

See Reducing spam in Moodle.

How can I increase privacy in Moodle?

See Increasing privacy in Moodle.

How do I enable reCAPTCHA?

To add spam protection to the Email-based self-registration new account form with a CAPTCHA element:

  1. Obtain a reCAPTCHA key from http://recaptcha.net by signing up for an account (free) then entering a domain.
  2. Copy and paste the public and private keys provided into the recaptchapublickey and recaptchaprivatekey fields in the manage authentication common settings in Administration > Users > Authentication > Manage authentication.
  3. Click the "Save changes" button at the bottom of the page.
  4. Follow the settings link for email-based self-registration in Administration > Users > Authentication > Manage authentication and enable the reCAPTCHA element.
  5. Click the "Save changes" button at the bottom of the page.

How can I run the security overview report?

To run the new security overview report, you need to be using Moodle 1.8.9 or 1.9.4. The report can be accessed via Administration > Reports > Security overview.

関連情報

Using Moodle forum discussions: