Security and privacy

 
 
Picture of Sami Hwang
Moodle security overview
 

This issue might be off-topic from Moodle development. But it is a bit urgent issue. Thus, I am asking this problem to our Moodle experts in this forum.

We are using Moodle 2.1 and am I am getting a Moodle administrator training. After I learned something from this training course, I checked out our Moodle site. In particular, I examined the security overview under reports in site administration.

To my surprise, it says the Frontpage role is critical, XSS trusted users is warning and backup of user data also has a warning sign as in the attached picture.

What kind of action can I take to remove these messages? We are using an external database and self-email registration as an authentication method.

Can you guys give me some guidance?

Sami


 
Average of ratings: -
Walking on the snow towards Lago Nero...
Re: Moodle security overview
Group DevelopersGroup Particularly helpful Moodlers

Hi Sami,
have you already click on the first column of each affected row?
It will give you a report about the specific issue and usually it represents a good starting point for the further steps.

HTH,
Matteo

 
Average of ratings: -
Picture of Sami Hwang
Re: Moodle security overview
 

Hello Matteo,

Thank you so much for the tip. Let me take a look at it.

Have a good day.

Sami

 
Average of ratings: -
Picture of Helen Foster
Re: Moodle security overview
Group DevelopersGroup Documentation writersGroup Moodle HQGroup Particularly helpful MoodlersGroup Testers

Hi Sami,

You mention you are using Moodle 2.1. Bug fixes for serious security issues in 2.1.x ended in December 2012 (from http://docs.moodle.org/dev/Releases), thus I'd strongly recommend that you upgrade your site as soon as possible.

 
Average of ratings: -