Security of external manifests

Security of external manifests

by Johan Meerkerk -
Number of replies: 2

Hi,

We're currently using SCORM packages in our Moodle site as external manifests. We upload the unzipped packages in a directory (called packages) on the webserver, add a new SCORM activity and link tot the XML manifest of the related package. Works fine and performance is (for whatever reason) much better than when uploading the SCORM packages as a zip.

However, this means that the packages are unprotected (available for anybody with the url) in a folder in we www root. We would like to restrict this. Is there any possibility to either link to manifests in moodledata or to protect the packages directory from direct access? As far as I know, I can only use links to external manifests in http form, therefor eliminating the possibility to link to moodledata.

 

Thanks a lot in advance,

Johan

 

 

Average of ratings: -
In reply to Johan Meerkerk

Re: Security of external manifests

by Matteo Scaramuccia -
Picture of Core developers Picture of Peer reviewers Picture of Plugin developers

Hi Johan,
you could try with a file system repository: http://danmarsden.com/blog/2013/09/24/managing-scorm-content-in-moodle-2-6/.

Keeping the packages in Moodle will give you the required security: if you want to off-load your webserver and get some points on the performance side - except the time required to evaluate the authorization checks - you could try X-Sendfile, if your webserver supports it: http://docs.moodle.org/26/en/Performance_recommendations#X-Sendfile.

HTH,
Matteo

Average of ratings: -
In reply to Matteo Scaramuccia

Re: Security of external manifests

by Johan Meerkerk -

Thanks Matteo! The combination of a file repository and picking the manifest might be a great solution. I'm going to try and provide feedback.

Johan

Average of ratings: -