Note: You are currently viewing documentation for Moodle 3.2. Up-to-date documentation for the latest stable version of Moodle is probably available here: Vendor directory security check.

Vendor directory security check: Difference between revisions

From MoodleDocs
(Backport from 33)
 
({{Security overview report}})
Line 1: Line 1:
{{Security overview report}}
== Vendor directory security check ==
== Vendor directory security check ==



Revision as of 07:39, 19 September 2017


Vendor directory security check

The vendor directory should not be present on public sites.

The directory vendor inside the Moodle dirroot contains various third-party libraries and their dependencies, typically installed by the PHP Composer. It may be needed for local development, such as for installing the PHPUnit framework. But it can also contain potentially dangerous code exposing your site to remote attacks.

It is strongly recommended to remove the directory if the site is available via a public URL, or at least prohibit web access to it.