Note: You are currently viewing documentation for Moodle 3.10. Up-to-date documentation for the latest stable version of Moodle may be available here: report/security/report security check preventexecpath.

report/security/report security check preventexecpath

From MoodleDocs
Revision as of 06:50, 11 September 2017 by Dan Marsden (talk | contribs) (add some info about preventexecpath)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Moodle administrators are able to define the path to a number of executable files hosted Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent adminstrators from changing these paths by adding the following setting to your config.php file:

$CFG->preventexecpath = true;

You should also explicitly set the relevant paths in your config.php file such as: $CFG->pathtodu $CFG->pathtounoconv $CFG->aspellpath