Security Overview
Moodle takes security extremely seriously and any potential issues are given highest priority. Fixed vulnerabilities often trigger the release of minor versions, for example Moodle 1.8.5, which emphasize the importance of the subject.
The security of a system is as good as its weakest link. Moodle relies on significant software, hardware, and network infrastructure, and security can potentially be compromised in a number of areas. As the focus of this book is on Moodle and the administration thereof, we only cover security elements of Moodle per se. The following areas are not dealt with, and it is necessary to consult the respective documentation on security issues:
Software
As described in Chapter 3, Moodle's key components comprise of a web server (usually Apache or Microsoft IIS), a database server (for example, MySQL), and a programming language (PHP). Additional PHP and operating system extensions are required, for instance, to support networking.
Hardware
Moodle runs...