I am working on a revision of these guidelines. I am going to hack around on this talk page before copying the result to the main page.

People seem happy enough with the new format that I have copied it to the main page.
Start of new page contents.

I will just leave the [[Security:Template]] link here.

----
This page describes how to write secure Moodle code that is not vulnerable to anything that evil people may try to throw at it.

The page is organised around the common types of security vulnerability. For each one, it explains

# what the danger is,
# how Moodle is designed to avoid the problem,
# what you need to do as a Moodle developer to keep your code secure, and
# what you can do as an administrator to make your Moodle more secure.

The explanation of each vulnerability is on a separate page, linked to in the list below.

This page also summarises all the key guidelines.

==Common types of security vulnerability==

* [[Security:Unauthenticated access|Unauthenticated access]]
* [[Security:Unauthorised access|Unauthorised access]]
* [[Security:Cross-site_request_forgery|Cross-site request forgery]] (XSRF)
* Cross-site scripting (XSS)
* SQL injection
* Command-line injection
* Confidential information leakage
* Configuration information leakage
* Session fixation
* [[Security:Denial of service|Denial of service]]
* [[Security:Brute-forcing login|Brute-forcing login]]
* Insecure configuration management
* Buffer overruns, and other platform weaknesses
* Social engineering

* [[Security:Template]]

==Summary of the guidelines==

* TODO

==See also==

* [[Coding]]

[[Category:Developer]]
[[Category:Security]]

----

End of new page contents.

Please comment below.