The Moodle development team is very concerned about security. Making sure that Moodle protects its user data is one of the most important considerations to them. As a developer of Moodle code, you also need to treat security as being important, and must write secure code.
This chapter will cover the most common security concerns and best practices when developing code for Moodle. Moodle security policies are set up to deal with:
User access protection
SQL injection attacks
Cross Site Scripting (XSS)
Sanitizing user input
User access is the first line of protection that Moodle has. Content and functionality can be protected so that users must first log in with a valid account before they can access the content or functions of the site. Beyond that, specific functions within the site can be controlled by allowing or preventing capabilities for roles (see the section on access controls in Chapter 1, Moodle Architecture).
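The following page script is an added example, not code from the book or from Moodle itself, showing how both layers described above are applied in practice: require_login() for the login requirement and require_capability() for the role-based check. It assumes a Moodle 2.x or later install and a hypothetical local plugin named local_myplugin (the plugin name, its file path and its language strings are assumptions); the capability names moodle/course:update and moodle/course:manageactivities are standard Moodle capabilities.

```php
<?php
// Added example (not from the book or from Moodle core): a minimal page script
// that applies Moodle's two layers of access protection.
// Assumes it lives at local/myplugin/view.php inside a Moodle install so that
// ../../config.php loads the Moodle environment ($PAGE, $OUTPUT, the APIs).
require_once(__DIR__ . '/../../config.php');

// Validate and type-cast the incoming course id before using it anywhere.
// required_param() stops the script if the value is missing or not an integer.
$courseid = required_param('id', PARAM_INT);

// First layer: the visitor must be logged in. Passing the course record also
// makes require_login() enforce that the user may access that course.
$course = get_course($courseid);
require_login($course);

// Second layer: the logged-in user must hold a specific capability in the
// course context. require_capability() throws an exception and halts the
// script when none of the user's roles grant it here.
$context = context_course::instance($course->id);
require_capability('moodle/course:update', $context);

$PAGE->set_url(new moodle_url('/local/myplugin/view.php', ['id' => $course->id]));
$PAGE->set_context($context);
$PAGE->set_title(get_string('pluginname', 'local_myplugin')); // assumed string
$PAGE->set_heading($course->fullname);

echo $OUTPUT->header();

// has_capability() is the non-fatal variant: use it to show or hide optional
// functionality, not as a substitute for the require_*() checks above.
if (has_capability('moodle/course:manageactivities', $context)) {
    echo html_writer::tag('p', get_string('canmanage', 'local_myplugin')); // assumed string
}

echo $OUTPUT->footer();
```

Both checks run before any output is produced, so a user who fails either one never sees partial page content; the capability check is tied to the course context, which is what lets role overrides at course level take effect.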
Any main script in Moodle...