report/security/report security check preventexecpath: Difference between revisions
From MoodleDocs
m (Added link to spanish translation of page) |
Helen Foster (talk | contribs) ({{Security overview report}}) |
||
| Line 1: | Line 1: | ||
Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent administrators from changing these paths by adding the following setting to your config.php file: | {{Security overview report}}Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent administrators from changing these paths by adding the following setting to your config.php file: | ||
<code php> | <code php> | ||
Revision as of 15:10, 29 January 2018
Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent administrators from changing these paths by adding the following setting to your config.php file:
$CFG->preventexecpath = true;
You should also explicitly set the relevant paths in your config.php file such as:
$CFG->pathtodu = 'PATH';
$CFG->pathtounoconv = 'PATH';
$CFG->aspellpath = 'PATH';
