Hi all,
I currently want to add the digital signature on the "logs" of the moodle so that I can verify the Identity of my students' activities.
Can anyone tell me which php file contains the operator/variable of the "logs"? (so that I can digital sign it with MD5, etc.)
and
Can anyone suggest a way to digital sign the log with php moodle? (e.g. openSSL?)
Thanks so much for your helps
The logs are stored in the database in the mdl_log table. Logs are written using the add_to_log function in lib/datalib.php.
However, what is the threat that you are trying to defend against, and how is signing going to help? If your database gets compromised so that someone is able to modify records, then all sorts of things are out the window. An attacker could impersonate any other user, and generate legitimate-looking logs, even if they are signed. And if your database is compromised, then your web server could very well be compromised too, which means that the attacker has access to the keys used for signing, which means that they can modify the logs however they want.
Thanks so much Hubert =]
It is useful for the directory of the log function.
However, could you please tell me which part should I encrypt for the digital sign of logs? (e.g. encrypt the variable of "$log"?)
And please suggest what method should I use for the best? (e.g. use private key to encrypt the $log with MD5, openSSL?)
I think the security of the DB is important but in this stage I think I first to do the verification of students' activities with a simple digital sign first on their logs, then secure thet others, such as the DB.
Thanks so much =]
Again, the Moodle log is stored in the database, so if the database is not secure, then signing the log is useless. Digital signing is not a magic bullet. You have to use it in the proper context. Without doing that, signing the logs only gives you a false sense of security, with little or no actual security.
