Security and privacy

 
 
Picture of Jamison Hyman
Re: Enable "Require the Use of Safe Exam Browser" on SCORM package
 

Whoa this is awesome!  I'm trying to implement it in the code.  The screen is just white when I go to the SCORM page in any browser (including Safe Exam Browser).  If it worked in the Safe Exam Browser, then everything would be perfect.  Here's the relevant code from lib.php.  Thank you!

function scorm_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options=array()) {
global $CFG;

if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}

// Allow content to be accessed ONLY from a 'Safe Browser'.
if (strpos($ SERVER['HTTP_USER_AGENT'], 'SEB') == false){
return false;
}

require_login($course, true, $cm);

$lifetime = isset($CFG->filelifetime) ? $CFG->filelifetime : 86400;

.....

 
Average of ratings: -
Walking on the snow towards Lago Nero...
Re: Enable "Require the Use of Safe Exam Browser" on SCORM package
Group DevelopersGroup Particularly helpful Moodlers

Hi Jamison,
my fault: it's "$_SERVER" and not "$ SERVER". I'm not sure how I deleted the underscore char, could it be done by the glossary filter?

Matteo

 
Average of ratings:Useful (1)
Picture of Jamison Hyman
Re: Enable "Require the Use of Safe Exam Browser" on SCORM package
 

Thanks for all of your help Matteo!  Now, the page loads on SEB but also every browser.  The code looks like this now, is there something wrong that's allowing it on every browser?

function scorm_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload, array $options=array()) {
global $CFG;

if ($context->contextlevel != CONTEXT_MODULE) {
return false;
}

// Allow content to be accessed ONLY from a 'Safe Browser'.
if (strpos($_SERVER['HTTP_USER_AGENT'], 'SEB') == false){
return false;
}

require_login($course, true, $cm);

$lifetime = isset($CFG->filelifetime) ? $CFG->filelifetime : 86400;

 
Average of ratings: -
Walking on the snow towards Lago Nero...
Re: Enable "Require the Use of Safe Exam Browser" on SCORM package
Group DevelopersGroup Particularly helpful Moodlers

Hi Jamison,
try to delete the browser local cache: Moodle by default tries to minimize the bandwidth impacts by asking the browser to cache the content, SCORM files included, so if you already accessed that content before applying the patch you should be able to see it until the local cache will expire.

Note: as mentioned by Tim, the current SEB securing implementation is weak in the sense that most of the browsers today are able to rewrite User Agent information so this hack is just a proof of concept before being the real solution for securing the content.

HTH,
Matteo

 
Average of ratings:Useful (1)
Picture of Jamison Hyman
Re: Enable "Require the Use of Safe Exam Browser" on SCORM package
 

Awesome! Worked perfectly.  Thanks so much. 

 

/thread

 
Average of ratings: -