Book Image

Moodle Administration

Book Image

Moodle Administration

Overview of this book

Table of Contents (22 chapters)
Moodle Administration
Credits
About the Author
About the Reviewer
Preface
Index

Data and Content Security


Content can potentially contain malicious elements. It further needs to be protected from unauthorized access. In this section, we shall deal with the security of data and content.

Content Created Within Moodle

Users are able to create content in Moodle either by using the resource editor or by uploading files. A number of settings are available to prevent misuse.

HTML allows the embedding of code that uses explicit EMBED and OBJECT tags. This mechanism has recently gained popularity with sites such as YouTube and Google Maps providing code to be embedded for their users. Potentially malicious code can be put in the embedded script, which is why its support is deactivated by default. To activate it, go to Security | Site policies and locate Allow EMBED and OBJECT tags parameter:

The Moodle editor uses a mechanism called KSES to remove any unwanted HTML elements and attributes. A more secure version called HTML Purifier is currently under development, and can be activated...