Moodle Security Concerns

Alexandre Freire -
Number of replies: 2

Dear community,

I would like to start a discussion regarding Moodle security. One of the main concerns I have about using Moodle is security, since we have a lot of security flaws and holes in the PHP scripting language, especially in SQL injection techniques. This is the main reason I have not adopted Moodle yet. I would like to understand and start a discussion about a few topics regarding this subject:

1) What do you think about a specific forum about security?

2) What are the steps needed to make Moodle secure? (directory permissions, database handling, etc.)

3) Concerns about using Moodle in a hosted service (my example)

4) Steps to identify security holes and steps for a fast report to the Moodle community in order to develop fixes/patches quickly

5) What do you think about creating a Moodle Security quick start Guide?

Thanks!

My regards

Alex.

 

In reply to Alexandre Freire

Re: Moodle Security Concerns

Anthony Borrow -
Alex - Actually there is a whole site dedicated to security (http://security.moodle.org/) which thankfully gets remarkably little traffic. You should probably start by reading http://docs.moodle.org/en/Security since I think it will answer a number of your concerns. The developers have taken great care in making sure that data is validated as it comes in from the user, thus helping to reduce the likelihood of SQL injection attacks. I know that Moodle is used at many high schools and university campuses. I trust the ingenuity of students to find security holes and exploit them; however, I just have not seen that many issues pop up, and when they do the developers make them a top priority and come up with fixes, send notifications out, and help to prevent issues before they start. Thanks for the idea but I think the developers have beaten you to it this time. Feel free to continue to think through suggestions on the forums, and if you come up with some ideas of how Moodle can be improved or discover any bugs, you should be aware of the tracker at tracker.moodle.org. Peace - Anthony

In reply to Alexandre Freire

Re: Moodle Security Concerns

Martin Dougiamas -
We have spent a lot of time dealing with such issues in the past, and will address any further issues quickly if they come up.

Anthony pointed out the security site which is still currently the main place to report issues. This site will be phased out soon because in the new tracker you can flag bugs as security concerns and only the security group can see them.

As for best practice in keeping your own site secure, a web page would be a great idea.

http://docs.moodle.org/en/Security

You may want to help add things to that page.