report/security/report security check mediafilterswf

report/security/report security check mediafilterswf

report/security/report security check mediafilterswf Automatic Flash embedding with the Multimedia plugins filter can be dangerous, since any registered user may launch an XSS attack against other server users. See also Using Moodle Security and Privacy forum Using Moodle swf filter security forum discussion   
report/security/report security check embed

report/security/report security check embed

report/security/report security check embed Allowing ordinary users to embed Flash and other media in their texts (e.g. forum posts) can be a problem because those rich media objects can be used to steal admin or teacher access, even if the … Continued
report/security/report security check noauth

report/security/report security check noauth

report/security/report security check noauth With the No authentication method enabled, a user can create an account without any kind of authentication from other systems, and with no email-based confirmation that the email address that they have provided is valid, or even exists! … Continued
report/security/report security check displayerrors

report/security/report security check displayerrors

report/security/report security check displayerrors If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on. If you go to Settings > Site administration > Reports … Continued
report/security/report security check unsecuredataroot

report/security/report security check unsecuredataroot

report/security/report security check unsecuredataroot The dataroot is the directory where Moodle stores user files. It should not be directly accessible via the web. See also Using Moodle Security and Privacy forum MDL-15716 Tighten dataroot security checks and warn the administrator ‘loudly’   
report/security/report security check globals

report/security/report security check globals

report/security/report security check globals register_globals is a PHP setting that must be disabled for Moodle (and almost all PHP software) to operate safely. See also Using Moodle Security and Privacy forum