Security:Buffer overruns, and other platform weaknesses

From MoodleDocs
Revision as of 07:27, 6 May 2022 by Dev Docs Bot (talk | contribs) (Protected "Security:Buffer overruns, and other platform weaknesses": Developer Docs Migration ([Edit=Allow only administrators] (indefinite)))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This content of this page has been updated and migrated to the new Moodle Developer Resources. The information contained on the page should no longer be seen up-to-date.

Why not view this page on the new site and help us to migrate more content to the new site!

This page forms part of the Moodle security guidelines.

What is the danger?

Buffer overruns do not affect PHP code, since PHP is a high-level language that automatically manages memory allocation.

However, Moodle runs on a server which runs an operating system, a web server, a database and the PHP interpreter. All these are complex pieces of software, and security problems are often found with them. Thus, a Moodle server can be attacked, even if there are no security problems with Moodle.

How Moodle avoids this problem

There is very little that Moodle can do about this.

What you need to do in your code

  • There is nothing you can do about this from PHP code.

What you need to do as an administrator

  • Keep all components of your server up-to-date.
  • Subscribe to security mailing lists for all the products you use, so you are notified promptly about potential problems, and new versions.

See also