9 November 2009
- 18:2918:29, 9 November 2009 diff hist 0 Development:Security:Cross-site scripting →Escaping output 2 - JavaScript
- 18:2818:28, 9 November 2009 diff hist +1,294 Development:Security:Cross-site scripting →How Moodle avoids this problem
- 18:1918:19, 9 November 2009 diff hist +277 Development:Security:Cross-site scripting →What you need to do in your code
- 18:1718:17, 9 November 2009 diff hist +139 Development:Security →Clean and escape data before output
6 November 2009
- 17:3117:31, 6 November 2009 diff hist +1,122 N Development:Security:Command-line injection New page: This page forms part of the Moodle security guidelines. ==What is the danger?== This is very like SQL injection, except that it arises when we execute a command-... current
- 17:2617:26, 6 November 2009 diff hist 0 Development:Security:SQL injection →What is the danger?
- 17:2517:25, 6 November 2009 diff hist +2,812 N Development:Security:SQL injection New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Suppose your code in .../course/view.php?id=123 does something like <code sql> SE...
- 17:0817:08, 6 November 2009 diff hist +5,283 N Development:Security:Cross-site scripting New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Normally, web browser prevent JavaScript from server from affecting content that ...
- 16:4916:49, 6 November 2009 diff hist +61 Development:Security →Don't trust any input from users
- 16:2316:23, 6 November 2009 diff hist +123 Development:Security →Check permissions
- 16:2116:21, 6 November 2009 diff hist +1,483 N Development:Security:Confidential information leakage New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Again, this is more a symptom of [[Development:Security:Unauthorised_access|Unaut... current
- 15:4215:42, 6 November 2009 diff hist +1,511 N Development:Security:Data-loss New page: This page forms part of the Moodle security guidelines. ==What is the danger?== This is more a symptom or other vulnerabilities, than a vulnerability in its own ... current
- 15:2515:25, 6 November 2009 diff hist +2,387 N Development:Security:Configuration information leakage New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Suppose it is well know, at least by Evil Hacker and his friends, that certain ve... current
- 15:1015:10, 6 November 2009 diff hist +508 N Development:Security:Session fixation New page: This page forms part of the Moodle security guidelines. ==What is the danger?== ''Petr, please could you write this one. I have heard of this problem but I don't... current
- 15:0915:09, 6 November 2009 diff hist −5,012 Development talk:Security Replacing page with 'People seem happy enough with the new format that I have copied it to the main page. I will just leave the Development:Security:Template link here.' current
- 15:0815:08, 6 November 2009 diff hist +326 Development:Security →Common types of security vulnerability
- 15:0715:07, 6 November 2009 diff hist +1,781 Development:Security No edit summary
- 14:5914:59, 6 November 2009 diff hist +3,347 Development talk:Security No edit summary
- 14:1014:10, 6 November 2009 diff hist +1,564 N Development:Security:Social engineering New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Moodle is so secure that Evil Hacker gives up on trying to crack the software. In... current
- 12:4212:42, 6 November 2009 diff hist +1,061 N Development:Security:Buffer overruns, and other platform weaknesses New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Buffer overruns do not affect PHP code, since PHP is a high-level language that a... current
- 12:4112:41, 6 November 2009 diff hist +99 Development:Security:Insecure configuration management No edit summary current
- 12:3912:39, 6 November 2009 diff hist +351 Development:Security:Insecure configuration management No edit summary
- 12:3512:35, 6 November 2009 diff hist +1,312 N Development:Security:Insecure configuration management New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Evil Hacker somehow gets access to your server some time and installs some nasty ...
- 12:2612:26, 6 November 2009 diff hist +175 Development talk:Security →Common types of security vulnerability
- 12:2512:25, 6 November 2009 diff hist +232 Development:Security:Unauthenticated access →How Moodle avoids this problem current
- 12:1712:17, 6 November 2009 diff hist +1,166 N Development:Security:Brute-forcing login New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Evil Hacker wants to break into your Moodle site by stealing the account of a reg... current
- 12:0612:06, 6 November 2009 diff hist +1,723 N Development:Security:Denial of service New page: This page forms part of the Moodle security guidelines. ==What is the danger?== A malicious user tries to overload your server, so it crashes or becomes very slo... current
- 11:3911:39, 6 November 2009 diff hist +151 Development:Security:Cross-site request forgery No edit summary
- 11:3811:38, 6 November 2009 diff hist +266 Development:Security:Unauthorised access No edit summary
- 11:3411:34, 6 November 2009 diff hist +201 Development:Security:Unauthenticated access No edit summary
- 11:3211:32, 6 November 2009 diff hist +58 Development:Security:Template No edit summary current
- 11:3111:31, 6 November 2009 diff hist +172 Development talk:Security No edit summary
- 11:2711:27, 6 November 2009 diff hist +7 Development:Security:Unauthorised access →What you need to do
- 11:2511:25, 6 November 2009 diff hist +2,662 N Development:Security:Unauthorised access New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Assuming you have dealt with the issue of [[Development:Security:Unauthenticated_...
- 10:5310:53, 6 November 2009 diff hist +45 Development talk:Security →Common types of security vulnerability
- 10:5210:52, 6 November 2009 diff hist +2,038 N Development:Security:Unauthenticated access New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Moodle runs on a web server somewhere. A user sits at their computer somewhere e...
- 10:3410:34, 6 November 2009 diff hist +278 N Development:Security:Template New page: This page forms part of the Moodle security guidelines. ==What is the danger?== ==How Moodle avoids this problem== ==What you need to do== ==See also== * [[De...
- 10:3410:34, 6 November 2009 diff hist +38 Development talk:Security →Common types of security vulnerability
- 10:3210:32, 6 November 2009 diff hist +47 Development talk:Security →Common types of security vulnerability
5 November 2009
- 18:4018:40, 5 November 2009 diff hist +159 Custom SQL queries report →Quiz attempts in the last week/month
- 18:3918:39, 5 November 2009 diff hist +900 Custom SQL queries report →Share your interesting queries here
- 17:5817:58, 5 November 2009 diff hist +73 Development talk:Security No edit summary
- 17:5217:52, 5 November 2009 diff hist +1,267 N Development talk:Security New page: I am working on a revision of these guidelines. I am going to hack around on this talk page before copying the result to the main page. Start of new page contents. ----------- This page ...
- 17:4717:47, 5 November 2009 diff hist +4,369 N Development:Security:Cross-site request forgery New page: This page forms part of the Moodle security guidelines. ==What is the danger?== When you put a web application on the internet, you are making it available so th...
- 11:2411:24, 5 November 2009 diff hist +214 Development:Question Engine 2:Overview →What are the parts of a question?
- 11:1111:11, 5 November 2009 diff hist −145 Development:Question Engine 2:Overview →What are the parts of a question?
- 11:0711:07, 5 November 2009 diff hist 0 N File:Parts of a question2.png No edit summary current
4 November 2009
- 12:1412:14, 4 November 2009 diff hist +352 Custom SQL queries report →Deleting a query
- 10:5310:53, 4 November 2009 diff hist +236 N Development talk:Anonymous Users New page: Are you sure it should be a user_alias_course table? The other option would be to do user_alias_context, which would be more flexible. Not sure if you need the flexibility, but increasingl...