「リスク」の版間の差分
Mitsuhiro Yoshida (トーク | 投稿記録) 編集の要約なし |
Mitsuhiro Yoshida (トーク | 投稿記録) 編集の要約なし |
||
| 1行目: | 1行目: | ||
{{ロール}} | {{ロール}} | ||
作成中です - [[利用者:Mitsuhiro Yoshida|Mitsuhiro Yoshida]] | 作成中です - [[利用者:Mitsuhiro Yoshida|Mitsuhiro Yoshida]] 2007年6月13日 (水) 16:26 (CDT) | ||
異なるケイパビリティを許可することにより、リスクが生じる可能性があることを十分に考慮すべきです。 | |||
| 9行目: | 9行目: | ||
Certain capabilities, such as [[Capabilities/moodle/site:doanything|moodle/site:doanything]] are intended for administrators only, as they enable users to change the site configuration and behaviour. | Certain capabilities, such as [[Capabilities/moodle/site:doanything|moodle/site:doanything]] are intended for administrators only, as they enable users to change the site configuration and behaviour. | ||
==XSS ( | ==XSS (クロスサイト・スクリプティング)== | ||
Certain capabilities enable users to add non-checked files and HTML code containing JavaScript etc.. This may be misused for cross-site scripting (XSS) purposes, with the potential to gain full admin access. These capabilities are intended for administrators and teachers only. | Certain capabilities enable users to add non-checked files and HTML code containing JavaScript etc.. This may be misused for cross-site scripting (XSS) purposes, with the potential to gain full admin access. These capabilities are intended for administrators and teachers only. | ||
| 18行目: | 18行目: | ||
Certain capabilities enable users to add content to site, for example forum posts, and send messages to other users. These capabilities may be misused for spamming purposes. | Certain capabilities enable users to add content to site, for example forum posts, and send messages to other users. These capabilities may be misused for spamming purposes. | ||
== | ==デフォルトで定義されるロールのリスク== | ||
* Guest - only capabilities without any risks are allowed | * Guest - only capabilities without any risks are allowed | ||
| 28行目: | 28行目: | ||
* [[Development:Hardening new Roles system]] | * [[Development:Hardening new Roles system]] | ||
* [[ | * [[ケイパビリティ/moodle/site:trustcontent]] | ||
[[Category:管理者]] | [[Category:管理者]] | ||
2007年6月13日 (水) 21:26時点における版
作成中です - Mitsuhiro Yoshida 2007年6月13日 (水) 16:26 (CDT)
異なるケイパビリティを許可することにより、リスクが生じる可能性があることを十分に考慮すべきです。
設定
Certain capabilities, such as moodle/site:doanything are intended for administrators only, as they enable users to change the site configuration and behaviour.
XSS (クロスサイト・スクリプティング)
Certain capabilities enable users to add non-checked files and HTML code containing JavaScript etc.. This may be misused for cross-site scripting (XSS) purposes, with the potential to gain full admin access. These capabilities are intended for administrators and teachers only.
プライバシー
Certain capabilities enable users to gain access to private information of other users, for example non-public information in a user's profile. These capabilities are intended for administrators and teachers only.
スパム
Certain capabilities enable users to add content to site, for example forum posts, and send messages to other users. These capabilities may be misused for spamming purposes.
デフォルトで定義されるロールのリスク
- Guest - only capabilities without any risks are allowed
- Student - certain capabilities with spam risks are allowed
- Teacher - certain capabilities with XSS and privacy risks are allowed
- Administrator - all capabilities are allowed
