Security and privacy

 
 
Picture of Daniel Lombardo
Moodle with a Hosting Provider or Moodle with a University Server
 

Is Moodle necessarily more secure on a university server?

If not, how can I demonstrate that using our hosting provider (Siteground) is better than hosting on campus?

And how can I demonstrate that Moodle is more secure than another lesser know LMS? Say, one running with ASP.NET or another windows environment.

Any advice to get me on track to keeping and growing our beloved Moodle would be most appreciated!

 
Average of ratings: -
Tim at Lone Pine Koala Sanctuary
Re: Moodle with a Hosting Provider or Moodle with a University Server
Group DevelopersGroup Documentation writersGroup Particularly helpful Moodlers

You seem to be asking for yes/no answers to complex questions. Sorry, that is not possible.

Hosting your own server gives you more control over it. In some ways that is more secure. On the other hand, the system administrators you can afford to hire are probably less expert that one ones Siteground can afford, since they host many more sites and can spread the cost.

To demonstrate that Moodle is more secure than another LMS, you would need to do a detailed review of all the code of both systems. (Is the other LMS even open source.) That is probably several person-years of work. So, basically, you can't do that.

Moodle's approach to security is on two levels:

First, general practices that make things naturally secure: the clean_param function for filtering input. Using placeholders to instert values into queries to avoid SQL injection. sesskey to protect against XSRF, ...

Then there are specifics. Lots of bits of the code have been reviewed by different people. Particular security holes are reported to the tracker, and then fixed.

 
Average of ratings:Useful (3)
Picture of Daniel Lombardo
Re: Moodle with a Hosting Provider or Moodle with a University Server
 

Thank you for your summary of the specifics regarding safeguard practices. This helps me a lot.

 
Average of ratings: -
Picture of Visvanath Ratnaweera
Re: Moodle with a Hosting Provider or Moodle with a University Server
Group Particularly helpful Moodlers
Hi

> Is Moodle necessarily more secure on a university server?

I haven't met two people who understand the same thing under http://en.wikipedia.org/wiki/Computer_security. Same thing with http://en.wikipedia.org/wiki/Computer_insecurity. Whatever you mean by security, I don't think being "on a university" is in anyway decisive.

Limiting ourselves to Moodle servers, there are at least four levels involved: 1. hardware infrastructure 2. system software 3. Moodle software 4. humans. May be you can expand that list and give marks to the two alternatives.

> If not, how can I demonstrate that using our hosting provider (Siteground) is better than hosting on campus?

You need a http://en.wikipedia.org/wiki/Security_audit .

> And how can I demonstrate that Moodle is more secure than another lesser know LMS? Say, one running with ASP.NET or another windows environment.

What does your school plan to do with the LMS. To keep it safe or to use it?

> Any advice to get me on track to keeping and growing our beloved Moodle would be most appreciated!

So there is a Moodle and it is going to be shut down because of "security concerns"? To be replaced by what? May be having no LMS is the most secure alternative!
smile
 
Average of ratings:Useful (1)
Picture of Daniel Lombardo
Re: Moodle with a Hosting Provider or Moodle with a University Server
 

Thank you both for your thoughts - it really does get me on track.

Visvanath, ahaha, exactly! keep it secure or use it, nice call. I can explain that a little bit by mentioning that I work for a contractor English language provider at a university in the Kingdom of Saudi Arabia. The deanship has a limited understanding of the web.

Here is the LMS of a company (MKCL ERA) that is lobbying to roll out elearning for our students.

We have used Moodle for a couple of years separate to the university domain, and have recently been proposing making it available to other courses within our Deanship of about 2,000 students; as an added value service provided by our company. I can't convince them to trust us, and one of the things is "security." This security issue is presently being defined for them by the representative of MKCL, and he is a native Arabic speaker, I am not.

My present quest is to simplify the subject and create some infographics to support our cause. One may say that we are also lobbying for business reasons, but that would be my company president, under my advisement. Profit and contract security is not my motive for retaining and further developing an elearning program with Moodle. I am in it for pure love of media, knowledge, and digital cultures.

Once more, thank you for interacting and offering your suggestions.

Have a great day!

 
Average of ratings: -