This forum post has been removed
Number of replies: 11Many sites pass authentication data ie usernames, passwords in plain text across the Internet between the user's browser and the web server. If this data is intercepted by a third-party, it won't necessarily be read or understood by humans, but this method of transmission is not as secure as TLS/SSL.
Secure logins are commonly used by banks, government departments, ecommerce sites to protect user data. If you install a SSL certificate for your moodle instance and configure it for https logins - this will ensure authentication data is encrypted before transmission across the Internet.
http://en.wikipedia.org/wiki/Http_authentication
http://docs.moodle.org/en/HTTP_security
This forum post has been removed
In terms of protecting data security at a course level, I'd suggest you use course enrolment keys. At a LMS level, you can control who can access the LMS with authentication settings and even force login before a user sees anything. Unless necessary, ensure email-based self registration and guest access are disabled.
So, if you secure logins, course access and lock down authentication methods - password theft or a brute force attack are the most (un)likely threats. Naturally, there's also plenty of hardening to do at a server level with firewall configuration, port blocking and scanning, flood protection, disabling unnecessary services and more. I'm happy to share a 25-point security checklist I use when I deploy a moodle instance for a client. Msg me with your email address, if you'd like it.
Cheers,
Chad
https://www.fireetraining.com/courses/login/signup.php is a link to the site and page in question, running Moodle 1.9.9
I've done everything I can think of to force encryption (using SSL) for all pages, and it works except for one link located in the above mentioned page:
<form action="http://www.fireetraining.com/courses/login/signup.php" method="post" accept-charset="utf-8" id="mform1" class="mform">
The actual link for form submission for new user accounts refuses to be set to https (I've poured through the code several times). Every other link on this site forces the use of SSL with no problem, except for this one.
Any ideas? Cause I'm stumped
Hi!
I am having the same problem! Everything is covered by my SSL proxy but the signup.php page.
Obviously, you have a solution. Would you please share it with me?
Cheers!
Here is the solution:
The page is secured. However, the integrated reCaptcha function makes the browser believe that the page is noch running under the SSL certificate.
But I believe I can live with that
I am having an SSL problem, too. When I use IE to browse Moodle, every page change brings up a message about secure and insecure items on the page. This does not happen in Firefox. I think the offending item is one of the icons at the foot of each page from Creativecommons.org
Has anyone else found this problem? Where is the offending line of code so that I can alter it - am I allowed to?
Thanks,
Michael
Jon
The link to our Moodle is:
remote.cheamschool.net
Jon
Hi,
I want to configure my moodle to login via https can you guid me ??
when i enable login https i get blank page or sometimes forbidden request.