Risks: Difference between revisions

From MoodleDocs
Edit summary of the later revision: (removing moodle/site:doanything link)
(4 intermediate revisions by 3 users not shown)
Current revision as of 08:21, 25 April 2012

Careful consideration should be given to the risks involved in allowing different capabilities.

Configuration

Certain capabilities are intended for administrators and managers only, as they enable users to change the site configuration and behaviour.

XSS (Cross-Site Scripting)

Certain capabilities enable users to upload files and enter HTML (including JavaScript) that is not cleaned before it is served to other users. This may be misused for cross-site scripting (XSS), with the potential to gain full admin access, for example by running script in an administrator's browser session. These capabilities are intended for administrators and teachers only.

Tip: The Security overview report (Administration > Reports > Security overview) lists all XSS trusted users.

Privacy

Certain capabilities enable users to gain access to private information of other users, for example non-public information in a user's profile. These capabilities are intended for administrators and teachers only.

Spam

Certain capabilities enable users to add content to the site (for example forum posts or new accounts) and to send messages to other users. These capabilities may be misused for spamming purposes.

Risks for predefined roles

  • Guest - only capabilities without any risks are allowed
  • Student - certain capabilities with spam risks are allowed
  • Teacher - certain capabilities with XSS and privacy risks are allowed
  • Administrator - all capabilities are allowed
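The policy above (no risks for guests, spam for students, XSS and privacy for teachers, everything for administrators) can be checked mechanically against a site's role definitions, and the same data answers the question the Security overview report answers in the XSS section, namely which users are "XSS trusted". The script below is an added example written for this page, not Moodle's own code or API. It assumes the RISK_* bit values match the constants in Moodle's lib/accesslib.php; the capability-to-risk table, the role definitions and the user assignments are constructed sample data (the capability names are real Moodle capabilities, but their risk flags here are illustrative), and the assumption that a teacher may also carry the spam risk is the author's, since the page lists only XSS and privacy for that role.

```python
"""Audit Moodle-style role definitions against the risk policy for predefined roles.

Added example for this page, not Moodle's own code. RISK_* values are assumed to
match lib/accesslib.php; all tables below are constructed sample data.
"""

# Risk bitmask constants (assumed to match Moodle's accesslib.php).
RISK_MANAGETRUST = 0x0001  # can mark content or users as trusted
RISK_CONFIG = 0x0002       # can change site configuration and behaviour
RISK_XSS = 0x0004          # can enter uncleaned HTML/JavaScript or upload unchecked files
RISK_PERSONAL = 0x0008     # privacy: can read other users' private data
RISK_SPAM = 0x0010         # can post content or message users
RISK_DATALOSS = 0x0020     # can destroy large amounts of data

RISK_NAMES = {
    RISK_MANAGETRUST: "managetrust",
    RISK_CONFIG: "config",
    RISK_XSS: "xss",
    RISK_PERSONAL: "personal",
    RISK_SPAM: "spam",
    RISK_DATALOSS: "dataloss",
}
ALL_RISKS = sum(RISK_NAMES)  # keys are distinct bits, so the sum sets every bit

# Maximum risk each predefined role may carry, as the page describes it.
# Teacher additionally gets spam here: an assumption, since teachers post too.
ROLE_RISK_POLICY = {
    "guest": 0,
    "student": RISK_SPAM,
    "teacher": RISK_XSS | RISK_PERSONAL | RISK_SPAM,
    "administrator": ALL_RISKS,
}

# Constructed capability -> riskbitmask table. Names are real Moodle capabilities;
# the flags are illustrative, not copied from any db/access.php.
CAPABILITY_RISKS = {
    "moodle/site:config": RISK_CONFIG,
    "moodle/site:trustcontent": RISK_MANAGETRUST,
    "moodle/course:manageactivities": RISK_XSS,
    "moodle/user:viewhiddendetails": RISK_PERSONAL,
    "mod/forum:startdiscussion": RISK_SPAM,
    "moodle/course:view": 0,
}

# Constructed role definitions: capability -> permission ("allow" or "prohibit").
# The teacher role is deliberately over-privileged with site configuration.
ROLE_CAPABILITIES = {
    "guest": {"moodle/course:view": "allow"},
    "student": {"moodle/course:view": "allow", "mod/forum:startdiscussion": "allow"},
    "teacher": {
        "moodle/course:view": "allow",
        "mod/forum:startdiscussion": "allow",
        "moodle/course:manageactivities": "allow",
        "moodle/user:viewhiddendetails": "allow",
        "moodle/site:config": "allow",
    },
    "administrator": {cap: "allow" for cap in CAPABILITY_RISKS},
}


def risk_names(mask):
    """Human-readable, sorted names of the risk bits set in mask."""
    return sorted(name for bit, name in RISK_NAMES.items() if mask & bit)


def audit_roles(role_caps=ROLE_CAPABILITIES, cap_risks=CAPABILITY_RISKS,
                policy=ROLE_RISK_POLICY):
    """Return (role, capability, [excess risks]) for every allowed capability whose
    risk flags exceed what the policy permits for that role. Roles missing from the
    policy are held to the guest level (no risks), the conservative default."""
    findings = []
    for role, caps in role_caps.items():
        allowed_mask = policy.get(role, 0)
        for cap, permission in caps.items():
            if permission != "allow":
                continue
            excess = cap_risks.get(cap, 0) & ~allowed_mask
            if excess:
                findings.append((role, cap, risk_names(excess)))
    return findings


def xss_trusted_users(assignments, role_caps=ROLE_CAPABILITIES,
                      cap_risks=CAPABILITY_RISKS):
    """Users holding any role that allows a RISK_XSS capability: the set the
    Security overview report lists as XSS trusted users."""
    xss_roles = {
        role for role, caps in role_caps.items()
        if any(perm == "allow" and cap_risks.get(cap, 0) & RISK_XSS
               for cap, perm in caps.items())
    }
    return sorted(user for user, roles in assignments.items() if xss_roles & set(roles))


if __name__ == "__main__":
    for role, cap, risks in audit_roles():
        print(f"{role}: {cap} carries {','.join(risks)} risk beyond policy")
    # Constructed assignments: username -> roles held anywhere on the site.
    print("XSS trusted:", xss_trusted_users(
        {"alice": ["teacher"], "bob": ["student"], "root": ["administrator"]}))
```

Run against a real site, the two tables would be filled from the role_capabilities table and each plugin's db/access.php riskbitmask values; the audit then reports exactly the capabilities that push a role above the risk level the page assigns to it, and the XSS list is what you would cross-check against the Security overview report.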

See also

  • Development:Hardening new Roles system
  • Capabilities/moodle/site:trustcontent