report/security/report security check preventexecpath

From MoodleDocs
Revision as of 15:10, 29 January 2018 by Helen Foster (talk | contribs) ({{Security overview report}})
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent administrators from changing these paths by adding the following setting to your config.php file:

$CFG->preventexecpath = true; You should also explicitly set the relevant paths in your config.php file such as: $CFG->pathtodu = 'PATH'; $CFG->pathtounoconv = 'PATH'; $CFG->aspellpath = 'PATH';