A few security queries....

A few security queries....

by Anthony Rimmer -
Number of replies: 7

Hi All, 

I'm looking at upgrading to M3.9 (from 3.5) and taking advantage of the integrated H5P activity. 

I've read what information I can find, but I'm looking for a bit more about how the plugin works and interacts with the H5P website and it's content. So my questions are:

  • Does the H5P activity interact with content/sites outside of the Moodle installation? - Is any data sent offsite, or is it completely isolated?
  • I read that the H5P catalogue is updated via cron task. Is this true? - Can it be turned off or manually checked before allowing any additions or updates?
  • Can some of the H5P content types be restricted, or is it an all or nothing catalogue?

I would likely want to restrict certain users to the H5P activity, and then certain H5P resources within the catalogue. I wouldn't want users adding to the catalogue at this stage.

Many thanks in advance & apologies if I've overlooked something.

Anthony

Average of ratings: -
In reply to Anthony Rimmer

Re: A few security queries....

by Randy Thornton -
Picture of Documentation writers
1) Yes. By default the new core integrated H5P is set to download updated and new content types and libraries from the H5P Hub server via a Scheduled task.

2) Yes. This is controlled by the Scheduled Task "Download available H5P content types from h5p.org" (\core\task\h5p_get_content_types_task). This is on by default and runs once a month. If you prefer to control the content types and libraries yourself, then turn this scheduled task off, and use the "Manage H5P content types" in Site admin > H5P instead to manually upload the content type files and library files you need.

3) It is all or nothing. There is no option in the Moodle integrated activity to hide or disable a specific content type nor are there specific permissions for the content types. You either have them installed or not: If they are installed, then anyone who can add the H5P activity (by default, Teachers) can use all the content types. (N.B. This is different from the standard H5P "Interactive Content" plugin which does have the ability to restrict content types.)

4) "restrict certain users to the H5P activity" - You can do this in the roles by setting the various permissions for the activity as a whole, just as for other activities. Search for mod/h5pactivity in the Roles to see the details. There are four main capabilities: view, submit (for Students), and add and review submissions (for Teachers).

5) "certain H5P resources within the catalogue" - Only Admins and Managers have the ability to manage the content types. By default, the Manager role can see and use the tool in Site admin > H5P > Manage H5P content types, which is controlled by the capability "Manage H5P content types" (moodle/h5p:updatelibraries), set to Allow for Manager. This is all or nothing, too: there is no way to set it up so that some Managers, for instance, can manage some content types but not other content types. This permissions means they can add or remove any or all of them.

Hope this is helpful.
Average of ratings: Useful (3)
In reply to Randy Thornton

Re: A few security queries....

by Anthony Rimmer -
Thanks Randy, this is a great reply and most useful.

I suppose my final concern is whether any data from Moodle is sent back to the H5P hub (or other sites?)*, or whether your first point is just that - There is only the download of the new/updated H5P content types. It wouldn't make sense to be created any other way - just ticking my data protection boxes smile

Anthony
Average of ratings: -
In reply to Anthony Rimmer

Re: A few security queries....

by Randy Thornton -
Picture of Documentation writers
Anthony,

Most welcome, that was a great question and I'm glad I'm not the only one thinking about those data protection issues with H5P.

I thought about your question of how Moodle and the H5P Hub talk, but I don't know exactly what data is exchanged during an update with the H5P Hub. It could be done in several ways, but certainly the Hub would know your Moodle address, IP address and approximate location, etc. I would assume, for the sake of efficiency, it would exchange what content types and version you have installed for update. (Although Moodle could just say, "Send me all the latest versions" and handle the matching locally, which would be less efficient but more privacy preserving.)

A further question is does this update process cross the line into telemetry or usage statistics other than that required for updates? Eg. does it send the number of installed content types in use?

Hopefully, someone who does know the details of that can chime in here.

Randy
Average of ratings: -
In reply to Randy Thornton

Re: A few security queries....

by Sara Arjona Téllez -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Anthony and Randy!

Thanks for raising and answering these interesting topics! smile

Regarding the information that is sent from Moodle to update the content types, what Moodle is currently doing (only if the "Download available H5P content types from h5p.org (\core\task\h5p_get_content_types_task)" task is enabled), is the last one Randy mentioned: is calling the H5P endpoint hub using a site unique identifier that, by default, is a hash of the URL defined in $CFG->wwwroot, and then, the content-types are processed one by one (to check if they have to be upgraded or not).
For technical people (if you're curious), this is where this call is done: https://github.com/moodle/moodle/blob/master/h5p/classes/core.php#L305

So no privacy data is sent to the H5P hub to get the latest content types.
This task can be disabled but then admins will need to upload and upgrade manually the content types, as Randy said smile

I hope this helps! Kind regards!
Average of ratings: Useful (3)
In reply to Sara Arjona Téllez

Re: A few security queries....

by Randy Thornton -
Picture of Documentation writers
Sara,

Thank you! I knew you would know the answer smile This iooks nicely designed from a privacy perspective.

I do hope that there are plans to add the H5P plugin method of handling the version updates to the core H5P tool as well. The admin interface for that is very useful. To be able to choose which versions to update to and which content types to update is very valuable., especially for large sites with many thousands of activities of different types. This will be especially important for sites that remain on a maintenance release for a year or two, or for organizations with multiple instances, etc. where version dependencies will need testing before updating.

Randy
Average of ratings: Useful (1)
In reply to Randy Thornton

Re: A few security queries....

by Sara Arjona Téllez -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Randy!
Hahahahahaha!! I knew you were happy with my answer tongueout

Regarding this option to let admins define when libraries should be upgraded or not, I would suggest creating an issue or adding a comment into https://tracker.moodle.org/browse/MDL-69331 (which is only about disabling/restricting some H5P content types).

Enjoy Xmas and/or the end of the year (if you don't celebrate Xmas)!! :-*
See you in January (I'll be a couple of weeks on holidays) tongueout
Average of ratings: -
In reply to Sara Arjona Téllez

Re: A few security queries....

by Randy Thornton -
Picture of Documentation writers
Thanks as always Sara and Happy and Safe Holidays to you as well.
Average of ratings: -