Installation/Security - a question...

by Ian Beeby -
Number of replies: 3
I am concerned about putting the whole moodle distribution in my public_html directory (I am using a linux web server with cPanel and Apache).  When I installed a wiki (sourceforge tavi) the installation was in a separate directory for security reasons.

Can anyone confirm whether this is possible with moodle or, alternatively, that no known threats exist?  In particular, the moodle distribution is very large (55Mb) compared to the wiki so it is difficult in the extreme to examine it for threats.

Any comments gratefully received...

Ian Beeby
In reply to Ian Beeby

Re: Installation/Security - a question...

by Howard Miller -
I don't really understand what you mean - can you elaborate on what you perceive the problem/threat to be? Moodle's program files need to be executable and therefore accessible by the web server so they need to be in its 'serve-able' (sp?) web area.

While Moodle is pretty much secure as it needs to be, remember that it is not a banking application or similar and was not built from the ground up with high security in mind, so (and like all 'ordinary' web applications) it would be unwise to host any life-or-death material on it.
In reply to Howard Miller

Re: Installation/Security - a question...

by Ian Beeby -
Well, it is generally not good practice imho to have executable code in a publicly readable directory - and this is emphasised by the sourceforge tavi (wiki) installation which recommends specifically putting the wiki code in a separate directory and making some strategic symbolic links and having key phrases in the .htaccess file.

Points about life-or-death material notwithstanding, I was just wondering whether anyone had investigated this for moodle.

Ian
In reply to Ian Beeby

Re: Installation/Security - a question...

by Howard Miller -
I read the Tavi stuff - I've actually used it in the past (and the Wiki resource format was based on it). However, I just don't agree with his assertion that there is any more of a security risk having the code in a public directory than in one that is symbolically linked.

Anyway Tavi is a Perl CGI (a general purpose language) and Moodle is developed in PHP which is a dedicated web scripting language. It's not comparing like with like.

I'm not aware of anybody subscribing to this arrangement and I very much doubt anybody has or will.