Note: You are currently viewing documentation for Moodle 3.6. Up-to-date documentation for the latest stable version of Moodle is likely available here: report/security/report security check embed.

report/security/report security check embed: Difference between revisions

From MoodleDocs
Main pageManaging a Moodle siteSecuritySecurity overview reportreport/security/report security check embed
Security
(security overview report template)
(explanation)
 
Line 1: Line 1:
{{Security overview report}}Allowing ordinary users to embed Flash and other media in their texts (eg forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the media object is on another server.  
{{Security overview report}}Allowing ordinary users to embed Flash and other media in their texts (e.g. forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the media object is on another server.
 
Thus it is recommended that the setting 'Allow EMBED and OBJECT tags' in 'Site policies' is left unticked.


==See also==
==See also==


* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]

Latest revision as of 07:29, 28 November 2016

Allowing ordinary users to embed Flash and other media in their texts (e.g. forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the media object is on another server.

Thus it is recommended that the setting 'Allow EMBED and OBJECT tags' in 'Site policies' is left unticked.

See also

Retrieved from "https://docs.moodle.org/36/en/index.php?title=report/security/report_security_check_embed&oldid=126099"
Powered by MediaWiki