Security:Data-loss

From MoodleDocs
Revision as of 15:42, 6 November 2009 by Tim Hunt (talk | contribs) (New page: This page forms part of the Moodle security guidelines. ==What is the danger?== This is more a symptom or other vulnerabilities, than a vulnerability in its own ...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page forms part of the Moodle security guidelines.

What is the danger?

This is more a symptom or other vulnerabilities, than a vulnerability in its own right.

For example, Evil Hacker can use cross-site request forgery or SQL injection to maliciously destroy lots of your data. Or the fact that someone has permission to destroy a lot of data may indicate that the code is not performing sufficient authorisation checks.

However, it is also possible for users to accidentally destroy lots of data if the user-interface is badly designed and confusing.


How Moodle avoids this problem

We write secure code so that data cannot be destroyed maliciously.

We try to design clear interfaces, so that users understand the effects of their actions.


What you need to do in your code


What you need to do as an administrator

  • Be careful!


See also

Template:CategoryDeveloper