Talk:Security FAQ

Jump to: navigation, search

Note: You are currently viewing documentation for Moodle 3.3. Up-to-date documentation for the latest stable version of Moodle is probably available here: Security FAQ.

Not sure how long it has been (at least Moodle 2.5) since it was changed however to enable ReCAPTCHA you need to go to:

Site administration > Plugins > Authentication > Manage authentication

... not ...

Site Administration > Users > Authentication > Manage authentication.

Please update the Security FAQ as there is no Authentication under Users.

Best regards,

Michael Milette

Thanks Michael, I have amended the text. --Helen Foster (talk) 14:53, 4 February 2014 (WST)

Hi, Can you please add es:Seguridad FAQ to this protected page for the English Moodle 3.0, 2.x and 1.9 docs? Thanks in advance. German Valero (talk)

Thanks German, I have added the link to the 2.8 - 3.0 English docs. --Helen Foster (talk) 22:39, 17 November 2015 (AWST)
Thanks Helen. That was fast :) German Valero (talk)

I understand that reCaptcha has been hacked as recently as April 2016. Not a big fan of using Captcha or reCaptcha, is there anything else that can be used to validate human/nonhuman identities? Something that is free and maybe not easy to hack? Also, bearing in mind the blind and visually impaired who have difficulty with reCaptcha, there has to be some discussion or some alternative. --Colin Fraser (talk) 17:06, 19 September 2016 (AWST)

A little digging and I ran across this article from Vision Australia on Effective alternatives to inaccessible CAPTCHAS. --Colin Fraser (talk) 19:54, 19 September 2016 (AWST)

Hi Colin, if you've not done so already, I suggest you post on moodle.org about alternatives to Captcha and also make sure there is an issue for it in the tracker, since not many people watch pages in Moodle Docs. --Helen Foster (talk) 20:08, 19 September 2016 (AWST)

Yes, of course, I knew that...:) Doh!!--Colin Fraser (talk) 18:56, 21 September 2016 (AWST)

Hi, Maybe adding a link to https://moodle.org/plugins/local_csp (Content Security Policy) additional plugin would be a good addition to this (or another similar) security Docs page. This plugin allows an admin to create a Custom Security Policy (CSP) in both reporting mode and enforcing mode. A simple use case is to detect and cleanup issues with non secure content after a migration from http to https, through to advanced policies to mitigate from XSS attacks. German Valero (talk)

wait Hi, Can you please add a link to GDPR for administrators - GDPR stands for General Data Protection Regulation and refers to the European Union regulation for data protection for all individuals within the European Union. The regulation (Regulation (EU) 2016/679)2 becomes enforceable on 25 May 2018 and replaces the data protection directive (officially Directive 95/46/EC)3 from 1995. ? Thanks in advancee . German Valero (talk)

Hi German, Thanks for adding a 'GDPR for administrators' link to Increasing privacy in Moodle. I think though that we should only add a link to 'Security FAQ' if and when people start asking in the forums about it. --Helen Foster (talk) 15:10, 18 September 2017 (AWST)