Note: You are currently viewing documentation for Moodle 3.9. Up-to-date documentation for the latest stable version of Moodle may be available here: Moodle app security.

Moodle app security: Difference between revisions

From MoodleDocs
(Created page with "{{Mobile}} The Moodle app is a hybrid app (uses web-technologies) developed on top of a well-tested widely used framework called "Cordova" that provides a robust container fo...")

Revision as of 09:33, 30 October 2020


The Moodle app is a hybrid app (it uses web technologies) developed on top of a well-tested, widely used framework called "Cordova" that provides a robust container for HTML apps.

Security is very important to us, which is why we follow these security recommendations:

  • Cordova: https://cordova.apache.org/docs/en/latest/guide/appdev/security/
  • Moodle: https://docs.moodle.org/dev/Security (when developing Web Services)

How we approach security

  • Login and authorisation
    • Authorisation is done via temporary access tokens. The duration of the access tokens can be configured via Moodle settings.
    • Single Sign On (or auto-login) from the app to the site is done using a special private token (which is obtained only the first time the user logs in with the app).
    • Single Sign On (or auto-login) from the app to the site has several additional restrictions (such as limiting it to only several times per hour).
    • QR-Login is done using temporary tokens, requires the user to be on the same network (IP address), and is limited to 10 minutes.
    • For retrieving files from the server (images or other assets), a different non-authentication token is used.
  • Permissions
    • The app only has access to a subset of Moodle functionalities (available through the Moodle App Service)
    • Privilege escalation is not possible via the Web Services layer, since all operations are done in a non-privileged way and permissions are checked based on the currently authenticated user.
    • Even if a temporary access token for an admin (or privileged user) is hijacked, it won't be possible for the attacker to access site administration functionality via the Moodle site.
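The QR-Login constraints listed above (temporary token, same IP address, 10-minute limit) can be pictured with the following server-side check. This is an added illustration, not Moodle's own code: the `QrLoginTokens` class, its method names, the in-memory store and the single-use behaviour are assumptions made for the example.

```python
import hashlib
import secrets
import time

QR_TOKEN_TTL = 10 * 60  # seconds; the page states a 10-minute limit


class QrLoginTokens:
    """Hypothetical in-memory store of temporary QR-login tokens."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable clock so expiry can be tested
        self._tokens = {}        # sha256(token) -> (user_id, issuer_ip, expires_at)

    def issue(self, user_id, issuer_ip):
        """Create a token bound to the IP address that requested the QR code."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, so a dump of the store yields no usable tokens.
        self._tokens[digest] = (user_id, issuer_ip, self._clock() + QR_TOKEN_TTL)
        return token

    def redeem(self, token, client_ip):
        """Return the user id if the token is valid, otherwise None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Assumption: tokens are single-use, and any attempt (even a failed
        # one) consumes the token so it cannot be retried from another address.
        record = self._tokens.pop(digest, None)
        if record is None:
            return None          # unknown or already used
        user_id, issuer_ip, expires_at = record
        if self._clock() >= expires_at:
            return None          # older than 10 minutes
        if client_ip != issuer_ip:
            return None          # scanning device is not on the same IP address
        return user_id


if __name__ == "__main__":
    store = QrLoginTokens()
    # Constructed sample values (documentation-range IP addresses).
    qr = store.issue(user_id=42, issuer_ip="192.0.2.10")
    print(store.redeem(qr, "192.0.2.10"))    # first use from the same IP
    print(store.redeem(qr, "192.0.2.10"))    # replay of a consumed token
```
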

Because the app is a Web Services client, we recommend enabling it only over HTTPS and using the different settings to enforce security, such as:

  • Use system capabilities to allow only certain roles to access the site via the app (avoid site administrators)
  • Use Moodle security settings to reduce the expiration time of WebService access tokens (so the user has to authenticate again)
  • Apart from that, the Cordova framework enforces security with restrictions like avoiding connecting to sites running non-trusted certificates.

Where is the Moodle app security process?

  • We follow the standard Moodle security process: https://docs.moodle.org/dev/Moodle_security_procedures
  • There is only one relevant difference: security patches are applied immediately in the next app release or in an emergency release (depending on the risks attached to the issue)