report/security/report security check preventexecpath: Difference between revisions
From MoodleDocs
Dan Marsden (talk | contribs) (add some info about preventexecpath) |
m (Small layout tweak.) |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{Security overview report}}Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent administrators from changing these paths by adding the following setting to your config.php file: | |||
Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent | |||
<code php> | |||
$CFG->preventexecpath = true; | $CFG->preventexecpath = true; | ||
</code> | |||
You should also explicitly set the relevant paths in your config.php file such as: | You should also explicitly set the relevant paths in your config.php file such as: | ||
$CFG->pathtodu | <code php> | ||
$CFG->pathtounoconv | $CFG->pathtodu = 'PATH'; | ||
$CFG->aspellpath | $CFG->pathtounoconv = 'PATH'; | ||
$CFG->aspellpath = 'PATH'; | |||
</code> | |||
[[es:report/security/report security check preventexecpath]] | |||
Latest revision as of 03:09, 25 August 2021
Some administration options allow setting the path to executable files on the web server such as du, aspell, ghostscript and others. This can potentially cause a security risk. You can prevent administrators from changing these paths by adding the following setting to your config.php file:
$CFG->preventexecpath = true;
You should also explicitly set the relevant paths in your config.php file such as:
$CFG->pathtodu = 'PATH';
$CFG->pathtounoconv = 'PATH';
$CFG->aspellpath = 'PATH';
