Security and privacy

 
 
Picture of Howard Miller
Re: Moodle hacked, file permissions in IIS
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

Yep - the installation instructions (although somewhat Unix biased) tell you to make sure that the web server user cannot write to the Moodle program directory.

 
Average of ratings: -
Picture of Dave Keller
Re: Moodle hacked, file permissions in IIS
 

So you think completely removing the first entry (IUSR) will bring it in line with recommendations?

Thanks for the replies, much appriciated.

 
Average of ratings: -
Picture of Howard Miller
Re: Moodle hacked, file permissions in IIS
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

Just change it's permission to 'Read and execute'. What you don't want is write/modify etc.

Sorry, I don't speak Windows but that's the general idea.

 
Average of ratings: -
Picture of Dave Keller
Re: Moodle hacked, file permissions in IIS
 

Thanks for your time, it's much appreciated

 
Average of ratings: -