Upgrade key

From MoodleDocs
Revision as of 09:52, 26 October 2015 by David Mudrak

New feature in Moodle 3.5!

Upgrade key protects your Moodle site during the upgrade.

When a Moodle site is being upgraded as a result of a Moodle core update and/or a plugin installation or update, no authentication and authorization mechanisms are reliable. Any anonymous visitor to your site can potentially trigger the upgrade process by navigating their browser to your admin page. This can be seen as a security risk because a lot of sensitive information (server environment, plugin versions, etc.) is available on the upgrade screens.

To improve the protection of your site during the upgrade, it is recommended to configure the upgrade key in your main config.php file:

$CFG->upgradekey = 'put_some_shared_secret_here';

If the upgrade key is defined in the config.php file, its value must be provided to access the admin pages during the site upgrade.

Upgrade key required - the user must provide the key defined in the config.php to trigger the upgrade
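One way to check before an upgrade that config.php really carries a usable key, as an added example (not Moodle's own code): it reads the file as text and reports whether the upgradekey assignment is missing, commented out, empty, still the sample value from this page, or short. The function name, the result labels and the 16-character minimum are assumptions of this example, the sample excerpts are constructed, and a key assembled by PHP code rather than written as a quoted literal is not detected.

```python
import re

PLACEHOLDER = "put_some_shared_secret_here"  # sample value shown on this page
MIN_LENGTH = 16  # assumed local policy, not a Moodle requirement

# Matches an active PHP assignment such as: $CFG->upgradekey = 'value';
_ASSIGN = re.compile(r"""\$CFG->upgradekey\s*=\s*(['"])((?:\\.|(?!\1).)*)\1\s*;""")
_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def audit_upgrade_key(config_text):
    """Return 'missing', 'empty', 'placeholder', 'short' or 'ok'."""
    value = None
    for line in _BLOCK_COMMENT.sub("", config_text).splitlines():
        stripped = line.lstrip()
        if stripped.startswith(("//", "#")):
            continue  # a commented-out assignment protects nothing
        match = _ASSIGN.search(stripped)
        if match:
            value = match.group(2)  # the last active assignment wins
    if value is None:
        return "missing"
    if value == "":
        return "empty"
    if value == PLACEHOLDER:
        return "placeholder"
    if len(value) < MIN_LENGTH:
        return "short"
    return "ok"


# Constructed config.php excerpts, one per outcome.
SAMPLES = {
    "commented": "<?php\n// $CFG->upgradekey = 'Zq7-constructed-sample-key-41';\n",
    "copied": "<?php\n$CFG->upgradekey = 'put_some_shared_secret_here';\n",
    "weak": "<?php\n$CFG->upgradekey = \"abc123\";\n",
    "set": "<?php\n$CFG->upgradekey = 'Zq7-constructed-sample-key-41';\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit_upgrade_key(text)}")
```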