Diferencia entre revisiones de «Riesgos»
mSin resumen de edición |
m (→Configuración) |
||
Línea 4: | Línea 4: | ||
Careful consideration should be given to the risks involved in allowing different capabilities. | Careful consideration should be given to the risks involved in allowing different capabilities. | ||
==Configuración== | ==Configuración== | ||
Ciertas capacidades, tales como [[Capabilities/moodle/site:doanything|moodle/site:doanything]] están previstas para uso exclusivo de los administradores, ellos pueden habilitar permisos especiales para algunos usuarios después de un análisis minucioso de los riesgos. | |||
==XSS (Cross-Site Scripting)== | ==XSS (Cross-Site Scripting)== |
Revisión del 06:33 12 jul 2009
Nota: Pendiente de Traducir. ¡Anímese a traducir esta página!. ( y otras páginas pendientes)
Careful consideration should be given to the risks involved in allowing different capabilities.
Configuración
Ciertas capacidades, tales como moodle/site:doanything están previstas para uso exclusivo de los administradores, ellos pueden habilitar permisos especiales para algunos usuarios después de un análisis minucioso de los riesgos.
XSS (Cross-Site Scripting)
Certain capabilities enable users to add non-checked files and HTML code containing JavaScript etc. This may be misused for cross-site scripting (XSS) purposes, with the potential to gain full admin access. These capabilities are intended for administrators and teachers only.
Privacy
Certain capabilities enable users to gain access to private information of other users, for example non-public information in a user's profile. These capabilities are intended for administrators and teachers only.
Spam
Certain capabilities enable users to add content to site, for example forum posts, account creation, and send messages to other users. These capabilities may be misused for spamming purposes.
Risks for predefined roles
- Guest - only capabilities without any risks are allowed
- Student - certain capabilities with spam risks are allowed
- Teacher - certain capabilities with XSS and privacy risks are allowed
- Administrator - all capabilities are allowed