Book Image

Moodle Administration

By : Moodle Trust, Alex Büchner
Book Image

Moodle Administration

By: Moodle Trust, Alex Büchner

Overview of this book

Table of Contents (22 chapters)
Moodle Administration
About the Author
About the Reviewer

System Security

In this section we are dealing with configuration settings, login via secure HTTP, and module security.

Configuration Security

There are a number of general configuration settings that potentially have an impact on the security of your system.

Accessibility of Dataroot

In the Notifications screenshot at the beginning of the chapter, you probably spotted the warning that the dataroot directory is directly accessible via the Web. Moodle requires additional space on the server to store uploaded files such as course documents and user pictures. The directory is called dataroot and should not be accessible via the Web. If this directory is accessible directly, unauthorized users can get access to its content.

To prevent this, move your dataroot directory outside the web directory, and modify config.php by changing the $CFG->dataroot entry.

In externally hosted environments, it is often not possible to locate the directory outside the web directory. If this is the case, create a...