Vendor directory security check: Difference between revisions

From MoodleDocs
Main pageManaging a Moodle siteSecuritySecurity overview reportVendor directory security check
Security
m (Added link to spanish translation of page)
m (update link to Spanish page)
 
(2 intermediate revisions by one other user not shown)
Line 1: Line 1:
== Vendor directory security check ==
{{Security overview report}}


'''The vendor directory should not be present on public sites.'''
'''The vendor directory should not be present on public sites.'''
Line 8: Line 8:




[[es:report/security/report security check vendordir]]
[[es:Comprobación de seguridad del directorio de proveedores]]

Latest revision as of 17:22, 19 October 2023

The vendor directory should not be present on public sites.

The directory vendor inside the Moodle dirroot contains various third-party libraries and their dependencies, typically installed by the PHP Composer. It may be needed for local development, such as for installing the PHPUnit framework. But it can also contain potentially dangerous code exposing your site to remote attacks.

It is strongly recommended to remove the directory if the site is available via a public URL, or at least prohibit web access to it.

Retrieved from "https://docs.moodle.org/403/en/index.php?title=Vendor_directory_security_check&oldid=147226"
Powered by MediaWiki