1) I don't seem to be able to find an official document (point me at it if I am wrong)
2) I have an upcomming presentation on Moodle and one area I will be covering is security and I would like some input on my material.
Below are my rough notes so far. Am I missing anything? Is the material accurate? Once I get a little feedback I will work on polishing up and fleshing out the guide and see about getting it into the documentation section for the community's use.
The best security strategy is a good backup!
- Model your security after the layers of clothing you wear on a cold winter day. No single layer by itself stops you from freezing, but multiple layers acting together keep you warm, and secure!
- RSS feed (http://security.moodle.org/rss/file.php/1/1/forum/1/rss.xml) or
- register your site on Moodle.org and you will automatically receive security emails for the email address you used to register with.
via cron
- you use the up2date or apt systems to install your mysql and php software than this method updates not only your basic OS files, but also your php and mysql software
- or affordable
, hence improving security
, but encrypts data between server and sender.
o connections from 127.0.0.1. If you need to have access from several remote machines than use mysql user permissions to restrict access to specific hosts.
ost secure file permissions
