Note:

If you want to create a new page for developers, you should create it on the Moodle Developer Resource site.

Talk:Security

From MoodleDocs
Revision as of 17:58, 5 November 2009 by Tim Hunt (talk | contribs)

I am working on a revision of these guidelines. I am going to hack around on this talk page before copying the result to the main page.

Start of new page contents.

This page describes how to write secure Moodle code that is not vulnerable to anything that evil people my try to throw at it.

The page is organised around the common types of security vulnerability. For each one, it explains

  1. what the danger is,
  2. how Moodle is designed to avoid the problem, and
  3. what you need to do in your code to keep Moodle secure.

The explanation of each vulnerability is on a separate page, linked to in the list below.

This page also summarises all the key guidelines.


Common types of security vulnerability

  • Cross-site request forgery (XSRF)
  • Cross-site scripting (XSS)
  • SQL injection
  • Command-line injection
  • Confidential information leakage
  • Configuration information leakage
  • Unauthorised access
  • Unauthenticated access
  • Session fixation
  • Denial of service
  • Brute-forcing login
  • Insecure configuration management
  • Buffer overruns, and other platform weaknesses
  • Social engineering


Summary of the guidelines

  • TODO


See also

CategoryDeveloper Category:Security

End of new page contents.

Please comment below.

Retrieved from "https://docs.moodle.org/dev/index.php?title=Talk:Security&oldid=28280"
Powered by MediaWiki