Moodle in English: Security of external manifests

Security and privacy

Security of external manifests

This discussion has been locked because a year has elapsed since the last post. Please start a new discussion topic.

Security of external manifests

by Johan Meerkerk - Sunday, March 23, 2014, 9:00 PM

Hi,

We're currently using SCORM packages in our Moodle site as external manifests. We upload the unzipped packages in a directory (called packages) on the webserver, add a new SCORM activity and link tot the XML manifest of the related package. Works fine and performance is (for whatever reason) much better than when uploading the SCORM packages as a zip.

However, this means that the packages are unprotected (available for anybody with the url) in a folder in we www root. We would like to restrict this. Is there any possibility to either link to manifests in moodledata or to protect the packages directory from direct access? As far as I know, I can only use links to external manifests in http form, therefor eliminating the possibility to link to moodledata.

Thanks a lot in advance,

Johan

Re: Security of external manifests

by Matteo Scaramuccia - Monday, March 24, 2014, 12:42 AM

Hi Johan,
you could try with a file system repository: http://danmarsden.com/blog/2013/09/24/managing-scorm-content-in-moodle-2-6/.

Keeping the packages in Moodle will give you the required security: if you want to off-load your webserver and get some points on the performance side - except the time required to evaluate the authorization checks - you could try X-Sendfile, if your webserver supports it: http://docs.moodle.org/26/en/Performance_recommendations#X-Sendfile.

HTH,
Matteo

Average of ratings: -

Re: Security of external manifests

by Johan Meerkerk - Tuesday, March 25, 2014, 4:20 PM

Thanks Matteo! The combination of a file repository and picking the manifest might be a great solution. I'm going to try and provide feedback.

Johan

Average of ratings: -