Moodle Blog

Book Review: Moodle Security

I have been asked on several occasions to tech review Packt Moodle books as they are being drafted. It’s a privilege and I tend to say yes – usually because the topic is one I feel is in my area – pedagogically – so I can be of assistance to the author. Sometimes, however, I am asked to review a book in a different field from my own. As long as I know the other reviewer is a technical expert I am happy to continue, restricting my comments to style, layout and readability. Such was it with Moodle Security. Before I read the book I only knew the bare minimum a Moodle admin needs to know, so I almost turned down the offer of reviewing it. On Packt’s assurance that their other reviewer was highly knowledgeable about security issues (so nobody can blame me if they get hacked!!), I agreed to read it and am very glad I did so. I found it enlightening and invaluable.

Written by Moodler Darko Miletic, it takes you through, chapter by chapter, the steps you need to ensure your Moodle is secure from initial installation to site backup, with user and file management in between. Moodlers are well aware that alongside all the great publicity this Open Source LMS/VLE generates, it has had a bad press in the past because of quite large security loopholes. Some have argued this has been the fault of inadequately trained admins who’ve left the user profiles open to Google or put their moodledata folder (the one with all the “stuff”) in an easily accessible directory because they didn’t read the warnings. Others have made the point that Moodle should not allow such mistakes to be made in the first place, particularly as Moodle admins might not always be your techie types, but a regular teacher like me just doing the job for their school. So a book like this must be a welcome addition to any Moodle admin.

The first couple of chapters deal with securing your Linux or Windows server. However, even if you don’t host Moodle yourself, it is worth reading on because Darko then talks about authentication and roles and permissions. Vital if you want to avoid such dangerous pitfalls as allowing email-based self authentication with no Captcha! or email restrictions (spammers’ paradise), or setting permissions wrongly and allowing someone to create an account and subsequently edit your front page (as I was able to do on a local Moodle a couple of years ago). You can read Chapter 4 on authentication here – as a free taster.

The book is based on Moodle 1.9, although much of it is still relevant to Moodle 2.0. However, some of the potential security problems with Moodle (such as site wide roles) have been addressed in Moodle 2.0. Chapter 6 handles protection against bots while Chapter 7 deals with securing user files. Moodle 2.0 handles files differently from 1.9 (subject of much controversy!) so some of this will currently not apply – but many users will remain with Moodle 1.9 for a year or so yet, so the information remains valuable. Chapter 9 deals with protecting user and course information, leading up to monitoring user activity in Chapter 10.

Despite being a non-technical Moodle admin, I found the book easy to digest and I learned a lot about keeping Moodles secure. If you are a Moodle administrator responsible for a large number of users (or even a small primary school!) it would be well worth investing in Moodle Security, if only so you don’t wake up one morning to find the Russian Federation have taken over your site…

This entry was posted on Sunday, 27 February 2011 at 19:36 and filed under the category Moodle.
