Hi everyone,
I'm looking at Moodle to use it for an online campus for the college I work for. Right now, it looks like it will be perfect (especially the price
I had a question about the security in Moodle. I was pleased when I read through the documentation on security and several threads here on the forum. The information and recommendations are correct and show that there are some knowledgable security gurus here.
But, I saw two threads so far http://moodle.org/mod/forum/discuss.php?d=174950 and http://moodle.org/mod/forum/discuss.php?d=124063
These show that there was (if only theoretically) an attempted code injection into Moodle. My question is, how would anyone be able to pull this off successfully if inputs are properly sanitized and key characters (such as <,>, ;, etc) are not allowed?
It seems unlikely that inputs aren't properly sanitized. I just want to make sure. Besides, I'm learning php, so I'm curious in that respect as well.