Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Security:Confidential information leakage

From MoodleDocs
Important:

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This page forms part of the Moodle security guidelines.

What is the danger?

Again, this is more a symptom of Unauthorised access and other problems, rather than a problem in its own right. However, Moodle handles a lot of personal information about its users, and some countries have laws about how that information is handled, so it is worth having a separate section to consider how we protect the personal information we have about our users.


How Moodle avoids this problem

Moodle now has enough capabilities that it can be configures to comply with various juristictions' privacy laws, while also being used in more permissive ways in other situations.


What you need to do in your code

  • Think about the type of information you are displaying when deciding which permissions checks to perform.
    • When a capability lets a user see more personal information about another user than normal, consider marking it as RISK_PERSONAL.
  • Make sure you protect against Unauthorised access, Cross-site scripting, and other problems that allow sensitive information to leak.


What you need to do as an administrator

  • Consider privacy issues when defining roles, and changing other settings.


See also