Site security settings: Difference between revisions

From MoodleDocs
Latest revision as of 07:58, 11 April 2024

Protect usernames

If enabled, when a user attempts to reset their password and enters a username or email address, the following message is displayed regardless of whether the account exists: "If you supplied a correct username or email address then an email should have been sent to you." This prevents a malicious party from using the password reset form to enumerate which usernames and email addresses belong to valid accounts.

If the protect usernames setting is disabled, when a user attempts to reset their password they are provided with feedback regarding whether an account exists with the username or email address supplied. For example, the message "The email address was not found in the database" may be displayed.

Force users to login

If you turn this setting on, all users must log in before they can even see the Front Page of the site. Note however that this does not prevent guest access to courses if you have autologin guests enabled in User policies.

Force users to login for profiles

Leave this set to Yes to keep anonymous visitors away from user profiles.

Force users to login to view user pictures

If enabled, users must log in in order to view user profile pictures, and the default user picture will be used in all notification emails.

Open to search engines

Enabling this setting allows search engine crawlers guest access to your site. Any part of the site that allows guest access will then be searchable on search engines. In addition, people arriving at your site from a search engine result will automatically be logged in as a guest.

Referrer policy

A referrer policy can be set. Various parts of Moodle rely on the Referer header being present, so it is generally best to remove or reduce the referrer only for links to external sites; a policy of origin-when-cross-origin is probably the best balance. See the MDN docs for more details:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
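To make the trade-off concrete, the following added example (not code from MoodleDocs or from Moodle itself) computes the Referer value a browser sends under each Referrer-Policy keyword, following the semantics documented on MDN. The site and partner URLs are constructed for illustration; the function names are this example's own.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Added example (not Moodle code): what the Referer header contains for each
# Referrer-Policy keyword. A "downgrade" is a request from a TLS-protected page
# to a plain-http destination. Sample URLs below are constructed.

def _host_port(parts) -> str:
    """host[:port] with any user:password@ removed, as browsers strip credentials."""
    host = parts.hostname or ""
    return f"{host}:{parts.port}" if parts.port else host

def origin_of(url: str) -> str:
    """scheme://host[:port]/ - the serialisation used when only the origin is sent."""
    p = urlsplit(url)
    return f"{p.scheme}://{_host_port(p)}/"

def full_referrer(url: str) -> str:
    """Full URL minus fragment and credentials - what the 'full' variants send."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, _host_port(p), p.path or "/", p.query, ""))

def referrer_for(policy: str, source: str, destination: str) -> Optional[str]:
    """Referer value for a navigation from `source` to `destination`,
    or None when the header is omitted entirely."""
    src, dst = urlsplit(source), urlsplit(destination)
    same_origin = (src.scheme, _host_port(src)) == (dst.scheme, _host_port(dst))
    downgrade = src.scheme == "https" and dst.scheme == "http"
    full, origin = full_referrer(source), origin_of(source)

    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return origin
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if downgrade:
            return None
        return full if same_origin else origin
    raise ValueError(f"unknown Referrer-Policy keyword: {policy!r}")

if __name__ == "__main__":
    page = "https://moodle.example.org/course/view.php?id=7#section-2"  # constructed
    for dest in ("https://moodle.example.org/mod/quiz/view.php?id=3",
                 "https://partner.example.net/",
                 "http://partner.example.net/"):
        for pol in ("origin-when-cross-origin", "strict-origin-when-cross-origin"):
            print(f"{pol:32} -> {dest:45} {referrer_for(pol, page, dest)}")
```

Run as written, the output shows that under origin-when-cross-origin a link within the site still carries the full path and query string (so Moodle's own referrer checks keep working), while an external site only ever learns the origin. The one caveat is that origin-when-cross-origin still sends the origin when leaving an https page for a plain-http link; strict-origin-when-cross-origin, which current browsers use as their default, sends nothing in that case and is otherwise identical.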

Allow indexing by search engines

This determines whether to allow search engines to index your site. The default is Everywhere except login and signup pages.

Profile visible roles

Any role which is checked/ticked here will be visible on user profiles and the Participation screen.

Maximum uploaded file size

Probably the most frequently asked question in the Moodle.org Using Moodle forums is "How do I increase the upload file size limit?"

Upload file sizes are restricted in a number of ways - each one in this list restricts the following ones:

1. The Apache server setting LimitRequestBody. The default in Apache 2.x and later is 0, which means no limit.

2. The PHP settings post_max_size and upload_max_filesize in php.ini. Edit the php.ini that the web server's PHP actually loads (phpinfo() reports it as "Loaded Configuration File"), which is not necessarily the one in the PHP installation directory:

post_max_size = 128M        ; increase the limit to 128 megabytes
upload_max_filesize = 128M  ; increase the limit to 128 megabytes
max_execution_time = 600    ; maximum execution time of each script, in seconds

post_max_size must be at least as large as upload_max_filesize, because the uploaded file arrives inside the POST body.

3. The Moodle site-wide maximum uploaded file size setting: Settings > Site administration > Security > Site policies > Maximum uploaded file size.

4. The Moodle course maximum uploaded file size setting in the course default settings: Settings > Site administration > Courses > Course default settings

5. The file size settings in each individual course in Course Administration > Settings.

6. Certain course activity module settings (for example, Assignment)

User quota

The maximum number of bytes that a user can store in their own Private files area.

Allow EMBED and OBJECT tags

Allowing these tags presents a security risk, since they can load active content that Moodle's normal text cleaning would otherwise strip, but if you wish normal users such as students to be able to use them then check the box here.

Enable trusted content

By default Moodle will always thoroughly clean text that comes from users to remove any possible bad scripts, media etc. that could be a security risk. The Trusted Content system is a way of giving particular users that you trust the ability to include these advanced features in their content without interference. To enable this system, you need to first enable this setting, and then grant the Trust submitted content capability to a specific Moodle role. Texts created or uploaded by such users will be marked as trusted and will not be cleaned before display.

Maximum time to edit posts

This sets the editing time for forum postings. The editing time is the amount of time users have to change forum postings before they are mailed to subscribers.

Please refer to the forum discussions Editing a forum post after the 30 minutes deadline and The philosophy underlying "no editing after 30 minutes"

Full name format

This setting has been moved in Moodle 2.6 onwards to Administration > Site administration > Users > Permissions > User policies.

Allow extended characters in usernames

By default (unchecked = disabled), usernames can only contain lowercase letters, numbers, hyphen '-', underscore '_', period '.', or the at sign '@'. If you enable this, any characters may be used in a username, but it must still be lowercase. This would allow, for example, usernames containing accented characters such as ö or ê.

Note: In Moodle 3.4.2 onwards, the Site policy URL and Site policy URL for guests settings have been moved to 'Policy settings' in the Site administration.

Keep tag name casing

If checked, then tags like the following will be displayed: SOCCER, gUiTaR, MacDonalds, music

If unchecked, then all tags will be displayed as follows: Soccer, Guitar, Macdonalds, Music

Tips:
  • For English, off is useful.
  • For Japanese, no changes are made either way.
  • For languages where this kind of capitalization changes the meaning, it is best to keep this option on.

Profiles for enrolled users only

To prevent misuse by spammers, profile descriptions of users who are not yet enrolled in any course are hidden. New users must enrol in at least one course before they can add a profile description.

Cron execution via command line only

Cron is a scheduled process that runs various administrative jobs on your Moodle site, such as sending out forum posts. Running cron from a web browser can expose privileged information to anonymous users, so it is recommended to run cron only from the command line, or else to set a cron password for remote access.

Cron password for remote access

Setting a password will mean that users can only run cron from the browser if they know the password and append it to the URL like this: www.YOURMOODLE.com/admin/cron.php?password=THEPASSWORDYOUSET. Note that a password passed in the query string is recorded in web server access logs and browser history, so treat it as a way of restricting who can trigger cron rather than as a strong secret.

Account lockout

Account lockout may be enabled.

Account lockout threshold: After a specified number of failed login attempts, a user's account is locked and they are sent an email containing a URL to unlock the account. Setting this to 'No' disables the threshold: login may be attempted against an account an unlimited number of times.

Account lockout observation window: The period over which failed attempts are counted. If no further failed attempts occur within this time, the threshold counter is reset. Each failed attempt restarts the window, including attempts made while the account is already locked out.

Account lockout duration: A locked-out account is automatically unlocked after this duration.

The account may also be unlocked by an administrator in Administration > Site administration > Users > Accounts > Browse list of users or by waiting for the account lockout duration to elapse.
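As an added illustration (example code, not Moodle's own implementation), the following model applies the three settings to a sequence of login attempts against an explicit clock, so the interaction between threshold, window and duration can be stepped through. The class name, attribute names and default values are this example's assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Added example (not Moodle code): a model of the account lockout settings.
# Times are integer seconds supplied by the caller so behaviour is deterministic.

@dataclass
class AccountLockout:
    threshold: Optional[int] = 5      # None models the setting 'No': never lock
    window: int = 30 * 60             # observation window, seconds (assumed default)
    duration: int = 30 * 60           # lockout duration, seconds (assumed default)
    failures: int = 0                 # failed attempts counted in the current window
    last_failure: Optional[int] = None
    locked_at: Optional[int] = None

    def unlock(self) -> None:
        """What an administrator's unlock (or the duration elapsing) does."""
        self.failures = 0
        self.last_failure = None
        self.locked_at = None

    def is_locked(self, now: int) -> bool:
        """True while the lockout duration has not yet elapsed; auto-unlocks after it."""
        if self.locked_at is None:
            return False
        if now - self.locked_at >= self.duration:
            self.unlock()
            return False
        return True

    def record_failure(self, now: int) -> bool:
        """Register a failed login at `now`; return True if the account is locked afterwards."""
        # A failure arriving after the window has elapsed starts a fresh count.
        if self.last_failure is not None and now - self.last_failure > self.window:
            self.failures = 0
        self.failures += 1
        self.last_failure = now        # every failure restarts the window, even while locked
        if (self.threshold is not None and self.failures >= self.threshold
                and self.locked_at is None):
            self.locked_at = now       # this is where the unlock email would be sent
        return self.is_locked(now)

    def record_success(self, now: int) -> bool:
        """A correct password: rejected while locked, otherwise accepted and counter reset."""
        if self.is_locked(now):
            return False
        self.failures = 0
        self.last_failure = None
        return True

if __name__ == "__main__":
    acct = AccountLockout(threshold=3, window=600, duration=1800)
    for t in (0, 10, 20):
        print(f"t={t:5d} failed attempt, locked={acct.record_failure(t)}")
    print(f"t={100:5d} correct password accepted={acct.record_success(100)}")
    print(f"t={1821:5d} correct password accepted={acct.record_success(1821)}")
```

Because a locked account rejects even the correct password until the duration elapses or an administrator intervenes, a threshold also lets anyone who knows a username deliberately lock that user out by submitting wrong passwords; pick the duration, and watch the lockout events, with that in mind.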

Password policy

It is highly recommended that a password policy is set to force users to use stronger passwords that are less susceptible to being cracked by an intruder.

The password policy includes options to set the minimum length of the password, the minimum number of digits, the minimum number of lower-case characters, the minimum number of upper-case characters and the minimum number of non-alphanumeric characters.

The password policy is enabled by default. Default (recommended) settings are:

  • Password length - 8
  • Digits - 1
  • Lowercase letters - 1
  • Uppercase letters - 1
  • Non-alphanumeric characters - 1

If a user enters a password that does not meet the requirements, they are given an error message indicating the nature of the problem with the entered password.

Enabling the password policy does not affect existing users until they decide to or are required to change their password. An admin can force all users to change their password using the force password change option in Bulk user actions.

Tip: The password policy may also be applied to enrolment keys by ticking the 'Use password policy' checkbox in the Self enrolment settings.

Password rotation limit

Here you can specify how many times a user must change their password before they can re-use a previous one. Note that this might not work with some external authentication plugins.
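The following added example (not code from MoodleDocs or from Moodle) covers both the password policy section above and the rotation limit: a checker that reports every requirement a candidate password misses, using the recommended default values, plus a reuse check over a history of salted hashes standing in for the rotation limit. Moodle itself stores hashes produced by PHP's password_hash(); the PBKDF2 helper, the function names and the setting names here are this example's own.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Added example (not Moodle code). Defaults match the recommended values on this page.
DEFAULT_POLICY: Dict[str, int] = {
    "minlength": 8,      # Password length
    "digits": 1,         # Digits
    "lowercase": 1,      # Lowercase letters
    "uppercase": 1,      # Uppercase letters
    "nonalphanum": 1,    # Non-alphanumeric characters
}

_LABELS = (
    ("digits", "digit(s)"),
    ("lowercase", "lower-case letter(s)"),
    ("uppercase", "upper-case letter(s)"),
    ("nonalphanum", "non-alphanumeric character(s)"),
)

def policy_violations(password: str, policy: Dict[str, int] = DEFAULT_POLICY) -> List[str]:
    """Return the requirements `password` fails; an empty list means it passes.
    Reporting every failure at once mirrors the error message shown to the user."""
    counts = {
        "digits": sum(c.isdigit() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "uppercase": sum(c.isupper() for c in password),
        "nonalphanum": sum(not c.isalnum() for c in password),
    }
    problems = []
    if len(password) < policy["minlength"]:
        problems.append(f"must be at least {policy['minlength']} characters long")
    for key, label in _LABELS:
        if counts[key] < policy[key]:
            problems.append(f"must contain at least {policy[key]} {label}")
    return problems

# Stand-in for the stored password history (assumed shape: list of (salt, hash),
# oldest first). PBKDF2 is used only so the example is self-contained.
PBKDF2_ROUNDS = 50_000

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash); a fresh random salt is generated unless one is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

def was_recently_used(password: str, history: List[Tuple[bytes, bytes]], limit: int) -> bool:
    """True if `password` equals one of the last `limit` history entries.
    limit == 0 models the rotation limit being off: reuse is allowed."""
    if limit <= 0:
        return False
    for salt, stored in history[-limit:]:
        _, candidate = hash_password(password, salt)   # re-hash with that entry's salt
        if hmac.compare_digest(candidate, stored):     # constant-time comparison
            return True
    return False

def accept_new_password(password: str, history: List[Tuple[bytes, bytes]],
                        limit: int, policy: Dict[str, int] = DEFAULT_POLICY) -> List[str]:
    """Combined check a change-password form would run: empty list means acceptable."""
    problems = policy_violations(password, policy)
    if was_recently_used(password, history, limit):
        problems.append(f"must not be one of your last {limit} passwords")
    return problems

if __name__ == "__main__":
    history = [hash_password(p) for p in ("Old-Pass-1", "Old-Pass-2", "Old-Pass-3")]  # constructed
    for candidate in ("password", "Tr0ub4dor&3", "Old-Pass-3"):
        print(f"{candidate!r}: {accept_new_password(candidate, history, limit=2) or 'OK'}")
```

Note that a reuse check can only work when the site holds the old hashes, which is why the rotation limit may be ineffective with external authentication plugins that never give Moodle the password.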

Log out after password change

By default, users can change their password and remain logged in. Enabling this setting will log them out of existing sessions except the one in which they specify their new password. This setting only applies to users manually changing their password, not to bulk password changes.

User created token duration

A new setting in Moodle 3.4 onwards enables the duration of a web services token created by a user (for example via the mobile app) to be set. (Previously the duration was 3 months and this value could not be changed.)

Group enrolment key policy

If this is enabled then when a teacher sets a group enrolment key, they will have to set a key which follows the password policy set above. Note that the group enrolment key policy requires the password policy to be enabled.

Disable user profile images

Check/tick this box if you don't want your users to be able to change their profile images.

Email change confirmation

A confirmation step is required for users to change their email address unless the emailchangeconfirmation box is unchecked.

Remember username

If you want usernames to be remembered at login, set this to "Yes". This stores a persistent cookie, which in some countries may be considered a privacy issue if used without consent. From a UK point of view, see http://tracker.moodle.org/secure/attachment/24290/UK+Laws+Relating+to+Cookies-LUNS2011.pdf See also the Using Moodle forum discussion EU Cookie Law.

Strict validation of required fields

If enabled, users are prevented from submitting a required form field that contains only whitespace (spaces or line breaks).

See also

  • Policies plugin - The Policies plugin provides a new user sign-on process, with ability to define multiple policies (site, privacy, third party), track user consents, and manage updates and versioning of the policies