Moodle security overview

Moodle security overview

by Sami Hwang -
Number of replies: 3

This issue might be off-topic from Moodle development. But it is a bit urgent issue. Thus, I am asking this problem to our Moodle experts in this forum.

We are using Moodle 2.1 and am I am getting a Moodle administrator training. After I learned something from this training course, I checked out our Moodle site. In particular, I examined the security overview under reports in site administration.

To my surprise, it says the Frontpage role is critical, XSS trusted users is warning and backup of user data also has a warning sign as in the attached picture.

What kind of action can I take to remove these messages? We are using an external database and self-email registration as an authentication method.

Can you guys give me some guidance?

Sami

Attachment moodleMessage.JPG
Average of ratings: -
In reply to Sami Hwang

Re: Moodle security overview

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Sami,
have you already click on the first column of each affected row?
It will give you a report about the specific issue and usually it represents a good starting point for the further steps.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: Moodle security overview

by Sami Hwang -

Hello Matteo,

Thank you so much for the tip. Let me take a look at it.

Have a good day.

Sami

Average of ratings: -
In reply to Sami Hwang

Re: Moodle security overview

by Helen Foster -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers Picture of Translators

Hi Sami,

You mention you are using Moodle 2.1. Bug fixes for serious security issues in 2.1.x ended in December 2012 (from http://docs.moodle.org/dev/Releases), thus I'd strongly recommend that you upgrade your site as soon as possible.

Average of ratings: -