Moodle and security
Moodle is an open source CMS (Course Management System)/LMS (Learning Management System)/VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students.
That sounds harmless enough. Why would anybody want to illegally access an educational platform?
There are various motives of computer criminals. In general, they are people committed to the circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via a communication network such as the Internet. Some of the motives could be:
Financial: Stealing user and/or course information and selling it to other third-parties
Personal: Personal grudge, infantile display of power, desire to alter assigned grades, and so on
Weak points
Moodle is a web application and as such must be hosted on a computer connected to some kind of network (private or public—Internet / Intranet). This computer must have the following components:
Operating System (OS)
Web server
PHP
Database server
Moodle
Each of these pieces can be used as a point of attack by a malicious user(s) in order to obtain access to the protected information. Therefore, it is our task to make all of them as secure as possible. The main focus will be directed towards our Moodle and PHP configuration. At the end of the book you can find some recommended literature for additional reading.
