Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Moodle Security
Moodle Security

Moodle Security: Learn how to install and configure Moodle in the most secure way possible

eBook
€8.99 €28.99
Paperback
€37.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Moodle Security

Chapter 1. Delving into the World of Security

Welcome to Moodle Security!

In the early days of the web, Internet was mostly used for academic purposes. Hence, all communications protocols had very little or no focus on security. The situation started changing as more and more public and commercial services started moving online and common users started actually using Internet in their daily routine. With the increase of user base we see the emerge of the malicious groups of users, the so-called hackers that are focused mostly on information theft and illegal usage. Nowadays it is quite common to be attacked by hacker(s). In fact it is so common and frequent that it is reported that only the USA's cyber attacks generate costs up to 10 billion dollars every year. The purpose of this book is to introduce you to web security while focusing on Moodle.

In this chapter we will cover the following topics:

  • Moodle and security

  • Weak points

  • The secure Moodle installation

  • Quickly securing Moodle

Moodle and security

Moodle is an open source CMS (Course Management System)/LMS (Learning Management System)/VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students.

That sounds harmless enough. Why would anybody want to illegally access an educational platform?

There are various motives of computer criminals. In general, they are people committed to the circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via a communication network such as the Internet. Some of the motives could be:

  • Financial: Stealing user and/or course information and selling it to other third-parties

  • Personal: Personal grudge, infantile display of power, desire to alter assigned grades, and so on

Weak points

Moodle is a web application and as such must be hosted on a computer connected to some kind of network (private or public—Internet / Intranet). This computer must have the following components:

  • Operating System (OS)

  • Web server

  • PHP

  • Database server

  • Moodle

Each of these pieces can be used as a point of attack by a malicious user(s) in order to obtain access to the protected information. Therefore, it is our task to make all of them as secure as possible. The main focus will be directed towards our Moodle and PHP configuration. At the end of the book you can find some recommended literature for additional reading.

Moodle and security


Moodle is an open source CMS (Course Management System)/LMS (Learning Management System)/VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students.

That sounds harmless enough. Why would anybody want to illegally access an educational platform?

There are various motives of computer criminals. In general, they are people committed to the circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via a communication network such as the Internet. Some of the motives could be:

  • Financial: Stealing user and/or course information and selling it to other third-parties

  • Personal: Personal grudge, infantile display of power, desire to alter assigned grades, and so on

Weak points

Moodle is a web application and as such must be hosted on a computer connected to some kind of network (private or public—Internet / Intranet). This computer must have the following components:

  • Operating System (OS)

  • Web server

  • PHP

  • Database server

  • Moodle

Each of these pieces can be used as a point of attack by a malicious user(s) in order to obtain access to the protected information. Therefore, it is our task to make all of them as secure as possible. The main focus will be directed towards our Moodle and PHP configuration. At the end of the book you can find some recommended literature for additional reading.

The secure installation of Moodle


In this section we follow a secure installation of Moodle. In case you do not already have an installed instance of Moodle, we will show you the quickest way to do that, and at the same time focus on security. If you already have Moodle installed, go to the following section where you will see how to secure an existing installation of Moodle.

Starting from scratch

In order to install Moodle on your server you need to install and configure the web server with support for PHP and the database server. We will not go into the specifics of setting up a particular web server, PHP, and/or database server right now, since it depends on the OS your server has installed. Also we will not explain in detail tasks like creating directories, setting up file permissions, etc as they are OS specific. Later in this book we will address them in detail for both Linux and Windows. If you need to know that right now then I suggest you go directly to the chapter dedicated to the Operating System you plan on using. This section assumes you already know about your OS and have already configured your web server with an empty database. Every installation of Moodle must have:

  • Web server with PHP support

  • Dedicated database

  • Two dedicated directories—one for Moodle and another for platform data

Note

We assume that your web server is Apache (Linux) or IIS (Windows), and that you use PHP 5.1.x or later and MySQL 5.0 or later.

Installation checklist

The following checklist will guide you through the basic installation procedure for Moodle.

  1. 1. Download the latest stable version of Moodle from http://download.moodle.org/. (At the time of writing this book it is 1.9.8+). You have two options available on the download page—moodle-weekly-19.tgz or moodle-weekly-19.zip archive. In case you use Linux you can choose either. In case of Windows, ZIP file is the preferred choice. The reason for this is simple. Every Windows server comes, by default, with installed support for managing Zip archives. On the other hand, TGZ is readily available on every Linux distribution.

  1. 2. Unpack the compressed file you just downloaded. This will produce a directory with the name moodle which contains all of the platform files. Move that directory to the web-root of your web server. After doing that it is recommended to make all files read-only for safety reasons.

  2. 3. Create a directory called moodledata somewhere on the disk. Make sure that it is not in the web-root of your web server since that would incur a serious security breach. Doing that might expose all platform files submitted by course participants and teachers together with the course content to the outside world.

  3. 4. Create an empty database (we suggest the name moodle or moodledb). The default database character set must be configured to utf8 and collation set to utf8_general_ci. It is recommended to have a special user for accessing this database with limited permissions. In case of credentials theft, a malicious user could only operate on data from one database, minimizing the potential damage. That database user account will need permissions for creating, altering, and deleting the tables, creating/dropping the indexes and reading/writing the data. Here is what you need to execute in your MySQL console for creating a database and user:

CREATE DATABASE moodle CHARSET 'utf8' COLLATION 'utf8_general_ci';
CREATE USER 'moodle'@'localhost' IDENTIFIED BY 'somepass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON loomdb.\* TO loom@localhost IDENTIFIED BY 'somepass';
FLUSH PRIVILEGES;
  1. 5. Start the installation by opening the http://<url to local installation of the moodle> (for example http://localhost/moodle) in your browser. Make sure it is a more recent browser with pop ups and JavaScript enabled. We recommend Internet Explorer 8+ or Firefox 3.6+. You will see the following screenshot:

  1. 6. On the next screen, we need to specify the web address of the platform and the location of the moodle directory on the disk.

  1. 7. Now, we must configure database access. Choose MySQL as database type, localhost as host server, set the name of the database (moodle), database user, and its password (moodle/moodle). You should leave the table prefix as is.

  1. 8. Moodle checks the server configuration on this screen and displays the outcome. We can proceed with the installation only if all of the minimal requirements are met.

  1. 9. During installation, Moodle generates a configuration file within the moodle directory called config.php. It is important to make this file read-only after installation for security reasons. In case Moodle cannot save config.php it will offer to download or copy content of the file and manually place it in the appropriate location on the server. See the following screenshot:

  1. 10. We are now presented with terms of usage and license agreement. To proceed click yes.

  2. 11. We can now start the installation itself. During that process Moodle will create all of the tables in the database, session files in the moodledata directory, and load some initial information. Make sure you check Unattended operation at the bottom. That way, the process will be executed without user intervention.

  1. 12. After the database setup is finished, we are offered a new screen where we must configure the administrative account. With this user you manage your platform, so be careful about disclosing this information to other users.

Field name

Description

Recommended action

Username

Defines user name inside the Moodle. By default it is admin.

We recommend leaving the default value unchanged.

New password

Defines user logon password.

Must supply valid password.

First name

Defines name of the admin.

Must supply valid name.

Surname

Defines surname of the admin.

Must supply valid name.

E-mail address

Defines user e-mail address.

Must supply valid e-mail.

E-mail display

Define the visibility of your e-mail address within the platform.

We recommend leaving it as is (visible to all).

E-mail active

Defines whether e-mail is activated or not.

Set it to enable.

City/Town

Defines name of the city where you live.

Moodle requires this value.

Select Country

Name of your country.

Set it to your country name.

Timezone

Sets your time zone so that server can display time calculated for your location in some reports.

If not sure what your time zone is, leave it as is.

Preferred language

Choose the platform language.

By default, Moodle comes only with support for English language. If you want to add more languages visit http://download.moodle.org/lang16/ and download and install the appropriate files.

  1. 13. After configuring administrative user there is just one more step to complete and that is setting up the site title and short name. In the Full site name field, place the long name you would like to set for your website; it can have multiple words. In the Short name for the site field put one word without spaces which will represent your website. In the Front Page Description field put a longer description (one paragraph) that explains in more detail the purpose of your site. This is optional and does not affect the Moodle functionality at all.

  1. 14. You have now finished installing Moodle and should see the following screenshot:

Quickly securing Moodle


Moodle offers a quick way of detecting major security issues within your platform setup and that is the security overview report. Go to the Reports | Security overview page. A well configured Moodle should display the following screenshot. In case there are discrepancies, then review the explication near each issue that displays a warning and take the appropriate actions.

Right now, we will give you a simple what to do list in order to pass the security check report without going into too much details. Throughout this book, we will explain in more detail each item on this report list.

Note

The security overview report is available starting from Moodle 1.8.9 and 1.9.4. If you have an older version we strongly recommend you perform an upgrade to a more recent one. Meanwhile, follow the instructions and configure your LMS as suggested.

The checklist in security overview report consists of items that compare current configuration of your system with the recommended one and report the status. Some of the items in the checklist apply to the PHP configuration and others apply to the Moodle configuration.

PHP is configured through a special file called php.ini. The location of this file may vary depending on your OS and type of installation. On Linux it may be usually found at /etc/php.ini. To modify this file you can use any text editor available (vi, nano, notepad, etc.).

Note

After every modification of php.ini you must restart your web server so that the changes may be applied to the system.

Moodle can be configured by using the configuration pages in the administrative part of the platform or by modification of a special configuration file called config.php. Some configuration options are exclusive to the config.php file while others are exclusive to administration interface.

Review the Moodle security overview report

We will now go through every option in the security overview report and explain briefly what it means together with the actual steps you need to perform in order to remedy potential security flaw.

  • Register Globals: This is a PHP setting that can be configured by modifying the PHP configuration file—php.ini. This is the default setting in PHP since version 4.2. Make sure you have the following line in your php.ini:

register_globals = Off
  • Insecure dataroot: If the status for this item is not OK it means that the moodledata folder is placed in a location accessible from the Web without any protection. The solution to this is either to move this folder to some other location or prevent public access with the appropriate web server configuration. For example, if your Moodle is located in /var/www/html/moodle and your moodledata is located in /var/www/html/moodledata the report will show this as an error. To fix this you need to change the location of moodledata to some other directory, for example to /var/www/moodledata.

  • Displaying PHP errors (display_errors option): The display_errors directive determines whether error messages generated by PHP code should be sent to the browser. These messages frequently contain sensitive information about your web application environment, and should never be presented to mistrusted sources. Make sure it is configured like this in your php.ini:

display_errors = Off
  • No authentication: It is a Moodle configuration option. Make sure the "No authentication" plugin is disabled. Go to Administration | Users | Authentication | Manage authentication and configure it as displayed in the following screenshot:

  • Allow EMBED and OBJECT: A Moodle configuration option. Go to Administration | Security | Site policies in your Moodle and make sure that the option Allow EMBED and OBJECT tags is not checked. EMBED and OBJECT tags are used for inserting third-party web browser plug ins for reproducing multimedia content (Adobe Flash, Apple QuickTime, etc.) or for running special embedded applications like java-applets. Some of these plug ins have well-known security issues and therefore are not recommended for general public usage. By disabling this option we are preventing users to add these elements to their pages or other generated content or responses.

  • Enabled .swf media filter: Moodle configuration option. This should be disabled on production websites. Visit Administration | Modules | Filters | Multimedia Plugins and make sure it is disabled. This filter transforms any link to the Adobe Flash file to playable content by using integrated flash player. Since Flash has security issues this option is best left disabled.

  • Open user profiles: Moodle configuration option. Checks if user public profiles are open to anybody. Best practice is to require login before permitting somebody to actually take a look into other people's personal information. Go to Administration | Security | Site policies and make sure Force users to login for profiles is checked.

  • Open to Google: Moodle configuration option. Visit the Site policies page and uncheck Open to Google. With this option we choose whether we permit Google robots to scan the site's content and index it thereby permitting anybody to perform free-text search. In general, this is not a desired behavior in an LMS.

  • Password policy: A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. On the Site policies page check Password Policy. By enabling this we enforce usage of "strong" passwords therefore making it impossible to use dictionary attacks.

  • Password salt: Moodle stores encrypted versions of user passwords into database. Up until Moodle 1.9.8 it used the default way of encrypting user passwords which is prone to dictionary attacks. Password salt increases security of the generated encrypted passwords making a dictionary attack virtually impossible. As of Moodle 1.9.8 use of password salt is enabled by default. However, if you have an older version you can enable this by modifying the config.php file. Place something like this in your Moodle config.php:

    $CFG->passwordsaltmain = '<randomly generated string>';
    

    Be aware that enabling password salt is only possible by editing config.php. You can generate good password salt by going to the special page designed for that purpose—http://dev.moodle.org/gensalt.php.

  • E-mail change confirmation: Go to the Site policies page and enable E-mail change confirmation. Every user in Moodle must have a valid e-mail address. A common way of fiddling with somebody's personal account is to change his password and registered mail address. To prevent these situations we enable e-mail change confirmation which forces a user to confirm changed e-mail address. This is done through a special e-mail sent to the new account.

  • Writable config.php: Make config.php read-only. For example, on Linux you would do something like this:

chmod ug=r,o= <Moodle path>/config.php
  • XSS trusted users: Moodle has a set of seven standard roles. By default, any user with Administrative role on the platform level is completely trusted. Be very careful about which users can have this role. Keep it to a smallest possible group.

  • Administrators: Platform must have at least one user with Administrative role. By default that is user admin.

  • Backup of user data: User data are something very sensitive for every educational institution. Under the Family Educational Rights and Privacy Act (FERPA) student information can be disclosed only to limited set of people directly related with either student's family or educational institution. Only very limited group of people should be able to export student information tied to a course.

  • Default role for all users: This should be set to Authenticated user. If not go to Administration | Users | Permissions | User policies and configure it appropriately.

  • Guest role: This should be set to Guest.

  • Frontpage role: By default it is not set. You can leave it that way or create a special non-legacy role.

  • Default course role (global): The default setting for this is student. This is something that should seldom be changed.

  • Default course role: Same thing as the previous one but on the course level. Again the default value here is student.

Summary


The World Wide Web is an entire universe filled with great opportunities but also a place with various threats to the normal operation and security of any website. In this chapter we provided a brief overview emphasizing the importance of security in a cyber universe. We learned the basic facts about the secure installation of Moodle and how to quickly make our existing Moodle instance more secure. This, of course, is not all. It is just the tip of the iceberg.

In the following chapters we will focus our attention to all of the fine details of properly configuring and optimizing a Moodle instance and all of the accompanying software.

Next stop—how to transform your server into an impenetrable fortress!

Left arrow icon Right arrow icon

What you will learn

  • Use CAPTCHA to make sure that humans are creating new accounts on Moodle - not Spambots Configure PHP and Apache servers to protect your Windows and Linux systems from malicious threats Assign the most appropriate permissions to different files to ensure the right level of protection Create custom roles to control who accesses what Protect your site from external attacks with secure HTTP Organize regular anti-virus scans to ensure no new risks have been introduced to the system Monitor the security of Moodle easily with notifications and security reports Minimize the downtime of Moodle in the case of actual damage

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 10, 2011
Length: 204 pages
Edition :
Language : English
ISBN-13 : 9781849512657
Vendor :
Moodle
Languages :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Feb 10, 2011
Length: 204 pages
Edition :
Language : English
ISBN-13 : 9781849512657
Vendor :
Moodle
Languages :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 121.97
Moodle Security
€37.99
Moodle as a Curriculum and Information Management System
€41.99
Moodle 2 Administration
€41.99
Total 121.97 Stars icon
Banner background image

Table of Contents

10 Chapters
Delving into the World of Security Chevron down icon Chevron up icon
Securing Your Server Linux Chevron down icon Chevron up icon
Securing Your Server—Windows Chevron down icon Chevron up icon
Authentication Chevron down icon Chevron up icon
Roles and Permissions Chevron down icon Chevron up icon
Protection Against Bots Chevron down icon Chevron up icon
Securing User Files Chevron down icon Chevron up icon
Securing Moodle Data Chevron down icon Chevron up icon
Monitoring User Activity Chevron down icon Chevron up icon
Backup Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3
(6 Ratings)
5 star 50%
4 star 33.3%
3 star 16.7%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Martin Biermann Jan 08, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excellent primer on Moodle security. It even mentions SELinux! The only detail that was out of date was the Moodledata file system. It's now based on hashes. (I have been using Moddle since v. 2.9).
Amazon Verified review Amazon
Mónico Mar 22, 2012
Full star icon Full star icon Full star icon Full star icon Full star icon 5
After of several years of teaching, using, installing, and updating Moodle. Finally, I can get an excellent book of Moodle Security written by Darko. This book has all security topics related with Moodle. Throughout this book you will find useful examples on Linux and Windows Operating system. This is a must-have book for Moodle administrators.By the way, I just installed Moodle 2.2 on Ubuntu server following the book instructions. Most of them are still useful.
Amazon Verified review Amazon
DennisJ Jul 25, 2011
Full star icon Full star icon Full star icon Full star icon Full star icon 5
A valuable "how to" guide on how to set up and strengthen a Moodle site's security. If you're a Moodle administrator, you need to have this book! Although some of the topics are covered in other references, this book brings that information, in more detail, together concerning this important subject. You won't find a lot of theory here - this book covers the threat space topic-by-topic and provides solutions about how to counter each type of threat.
Amazon Verified review Amazon
Isotonic Turtle May 09, 2011
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The book covers all aspects of Moodle 1.9 Security and explains concepts in a clear and well-written style.It is good to see that the security of underlying components, that is, operating system (Linux and Windows), database, web server and PHP are covered in detail, as this is where a lot of setups fall short of taking precautions. The author then walks you through all the key aspects of Moodle where "something can go wrong" in terms of security. This covers subjects like authentication, roles, permissions, files, etc. An entire chapter has been dedicated to protection against bots, monitoring user activity, and backups, respectively. The book concludes with an appendix that provides some details on authentication plugins used less common, for instance, LDAP.All in all a well-written book on Moodle 1.9 security that doesn't shy away touching on system-related topics.
Amazon Verified review Amazon
mylearningspace Mar 14, 2011
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
This book is a must-have for any LMS administrator who is serious about data security and information privacy for their Moodle learning management system. It is a concisely and expertly written text which covers a range of technical topics in a clear and accessible manner. Naturally, much is said about the configuration of Moodle's global parameters including authentication, roles, files and backups. On the same token, there is good coverage of security-related considerations at a server level for linux and windows. The text is written for Moodle 1.9.x but much of the book is also relevant for 2.0.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.