Hi
I am a teacher in a college and I am trying to get the admins to enable web services so we can all use mobile apps.
Im struggling though, they are worried about security.
Is there anything you guys can help me out with here?
Thanks
Nat.
If you're using HTTPs it's fine. Add in good firewalling and that's about as secure as moodle gets. The official app handles password security on its own.
Thanks for your reply, I will forward it on to the admins here at the college.
Im not sure what you said actually means though
The college seems to have concerns about an app that can access Moodle data so can access be restricted to just the official app or does enabling web services open up Moodle to any app?
It would open up the services to any app yes, but most of the apps I've seen require you to have some other code on the server to work. At least the inbuilt web services are stable code that isn't new (web services aren't a new thing in moodle, but an app that makes proper use of them is only a last year or so thing) - and as it's core code, it's been reviewed by moodle HQ too so I'd trust that more (unless a 3rd party one documented its security practices).
ok thanks
Hi,
it is secure, WebServices will be enabled only for the services exposed, the Mobile service expose WS functions that are read-only mainly and that functions are executed only with permissions of the current user using the mobile app
So if I access as a student, I will execute the WebServices with my student permissions (so I will only receive the list of my courses, my calendar events, etc..)