I posted this in general problems, but didn't get any response, maybe it fits better here?
The head of enrichment activities (extra-curricular clubs) has asked that I set up courses and give students control over them. This worries me: it's only a year since I was a student, and had this existed last year, probably at least half of the computing class would have had a go at attacking it just to see if we could.
The first attack that came to mind was just a JS redirect to a phishing page with a timeout error; chances are this would get at least one teacher's password (the same as the Novell network, not good). I'm sure between a thousand-odd students at least a few will be knowledgeable/imaginative enough to figure out plenty of attacks given free rein over courses.
Would there be a way to let them only add activities, clean all their HTML as if it were forum posts and maybe do something about stopping them just linking directly to such a phishing page as a resource?
Anyone got previous experience of this? Anything else I should be looking out for?
Thanks a lot,