OK, I know that we can not absolutely prevent students from cheating if they really want to. Several strategies have been posted for dealing with the current limitations of the software security. Nevertheless, we need to work at it from all angles, and also implement all we can do in the Moodle software.
Here are some suggestions for the developers, on what I can observe as current software security issues not addressed by the current "secure" option:
1- Need to remove the minimize icon/functionality. This can be done by Javascript in two ways (use the OpenDialog or whatever its called to open a new window, or changing the property of the window object to remove the minimize and making the new window Modal )
2- Need to prevent users from switching to another application. With 1.5.3+ of Moodle, users can use ALT+TAB, the Start Menu, or the Task Bar to sneek out of a quiz window without exiting the quiz attempt. ALT+TAB can be turned off by capturing and voiding the keys (onKeyUp event of window object). This can get a little tricky to implement for all browsers as they have different approaches to handle the codes. For the two other functions, I guess this would require access to the system API, which Javascript does not do. We could create a small Visual Basic application that opens the Quiz window, but that would require that each user install a SetupQuiz.exe type of little client app that run an app of type Browser Object (controlling IE, possibly FF). If option 2 is implemented, it would not require a separate approach to 1 in javascript.
I have been playing around with the codes required to implement both solutions, but I am not sure how that could be implemented within the PHP files (attempt.php I presume, and the other file that deals with security)
Any other idea or suggestions on this topic?
A traditional strength of Moodle is that it does not require the client to install software making courses accessible to folks who are using computers which are not theirs (for example a library computer). While it would be nice to take some steps to make a quiz maintain the focus I would not sacrifice any of the huge advantages that Moodle has to do it.
Hi Anthony,
Totally agree with you.
What's this obsession with security anyway? For me Moodle is a wonderful tool for teaching and learning, not for testing, except as far as self-testing is one way (amongst others) of learning.
Joseph
Totally agree with you.
What's this obsession with security anyway? For me Moodle is a wonderful tool for teaching and learning, not for testing, except as far as self-testing is one way (amongst others) of learning.Joseph
Hi,
I agree with Joseph. I don't think it is necessary to block the change of focus. Much better would be to allow students to search on the web for example, because if they are able to find the solution on the web fast enough, it means they have already searched for it before and already learnt it. I don't know which kind of cheating you want to prevent, but it seems like you want your students to learn something by heart. I would purpose you change your questions so they test the understanding and not the by heart learning (I find it really useless because one forget it as fast as one learn it). I know formulating good questions is a very hard job, but it's the job of a teacher.
The only thing I would not allow is chatting. I think the reasons are clear.
I think a way to prevent users to change take the focus of the browser could be made using javascript, but I'm not sure.
Nico
I agree with Joseph. I don't think it is necessary to block the change of focus. Much better would be to allow students to search on the web for example, because if they are able to find the solution on the web fast enough, it means they have already searched for it before and already learnt it. I don't know which kind of cheating you want to prevent, but it seems like you want your students to learn something by heart. I would purpose you change your questions so they test the understanding and not the by heart learning (I find it really useless because one forget it as fast as one learn it). I know formulating good questions is a very hard job, but it's the job of a teacher.
The only thing I would not allow is chatting. I think the reasons are clear.
I think a way to prevent users to change take the focus of the browser could be made using javascript, but I'm not sure.
Nico
Would it be possible to use the onBlur statment to call the close quiz function if the user were to Alt+Tab out or just change the focus?
Sam
Sam
I would like quiz takers to stay in the kiosk window until they have submitted the test and I am always interested in a more secure quiz (I think that flash is probably the way to go but..) so please write the OnBlur javascript and submit it to moodle developers for approval.
Dear Frederict Pouyot
The javascript is obfuscated in
\moodle\mod\quiz\protect_js.php
please do add extra security to this file. It would be nice if it tested to see which browser the student is using and applied the security measures that will work in that environment.
It would also be nice if there were routines to detect initial attempt to circumvent security and discourage them from trying harder. E.g.
If students press right click, have a popup warning that tells them not to do that again and that their IP has been logged.
If students open attemp.php in their browser cache have the page sense that it did not come from quiz/view.php the right place, and redirect to a page with a warning that logs their ip address (canny students will of course turn off their Internet connection but by no means all)
Do not just block but log attempts to press ALT-tab, right-mouse click, etc and store this on a page where teachers can view it, and perhaps display the results to the student "You pressed control keys at least 17 times during the course of this test and this fact has been communicated to your instructor". The determined student will get around the security, but in the process should set off quite a few bells.
If one hundredth of the effort spent upon improving the user experience, were spent on limiting the user ability to bipass test security, then I am pretty sure that 99.9% of my students would not be able to get around it. Of course, it is a lot more rewarding to provide ways of expanding the user experience.
I agree however that requiring students to install a client side is probably going to cause more problems than it is worth.
Tim
I think that installing the client-side app is a good idea, but only for organizations that offer the course(s) on a local intranet (eg. Colleges, Universitys, etc...), where they have complete control of what apps get installed. It's much easier to put the app in an update and push it to the pc's that need it so there's no confusions.
Sam
Sam
I am using the 1.9.3 download
I need to be able to have the student enter a quiz and not be able to switch windows or open other programs with out closing the quiz out. I have been reading the post but can not find the correct files to edit to lock to quiz windows on top ie “modal” and open it to F11 type full screen “full computer screen” no start bar at bottom of screen or title bar at top.
I thought that I had narrowed down to “\mod\quiz\” directory but I am having trouble getting to right code to do what I need.
I would be thankful for any code and file names and locations.
Or
If I missed a security add on or plug-in.
Thank you
Michael Steffens
San Diego City College
You are asking for the impossible, if the student is using a normal web browser. Things inside a web browser can only do things that the browser lets them do. And imagine if any web site could tell the browser: "Don't let the user move to another web site, or even another application on the computer, until I give permission." You can be fairly sure that unscrupulous advertisers would love that feature, but it would rapidly drive users up the wall. Therefore, browser don't let web sites to anti-social things like that.
Similarly, most operating systems make it very difficult for one application to prevent the user switching to other applications.
So to do what you are asking, you would need to install a specially-configured operating system and browser on the computers being used. If you are running high stakes exams in a computer room you control, it can be worth it. If not, think again.
Similarly, most operating systems make it very difficult for one application to prevent the user switching to other applications.
So to do what you are asking, you would need to install a specially-configured operating system and browser on the computers being used. If you are running high stakes exams in a computer room you control, it can be worth it. If not, think again.
Just as a general tip, if you want to insert some arbitrary JS code in the body tag on that file (like onBlur or onLoad) then you can add it to the 10th parameter to the print_header() function called $bodytags. In your case it's probably in mod/quiz/attempt.php.
Is there a way to allow the student to review a quiz and secure it so they can not print off the quiz?
Please spend your time on something more constructive. I am happy to bet $US100 (donated to moodle.org) that whatever system you put in place one of my 16-18 year olds will find a way around within a week if given access to. And once one have them has found a way round it can be available and locatable to every other student on the planet within minutes.
This has been discussed extensively and exhastively in these forums previously.
This has been discussed extensively and exhastively in these forums previously.
We can schedule exams to be taken in a secure window. Why can we not then review the exams in a secure window? We're not asking for the moon...just a function similar to what is already present!