http://wiki.mipt.ru/index.php?action=history&feed=atom&title=Development%3ASecurity%3AConfidential_information_leakageDevelopment:Security:Confidential information leakage - История изменений2026-05-06T20:57:43ZИстория изменений этой страницы в викиMediaWiki 1.42.1http://wiki.mipt.ru/index.php?title=Development:Security:Confidential_information_leakage&diff=11846&oldid=prevОлег Давидович: 1 версия импортирована2024-10-21T08:53:10Z<p>1 версия импортирована</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="ru">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая версия</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Версия от 08:53, 21 октября 2024</td>
</tr><tr><td colspan="2" class="diff-notice" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>Олег Давидовичhttp://wiki.mipt.ru/index.php?title=Development:Security:Confidential_information_leakage&diff=11845&oldid=prev1>TimHunt: New page: This page forms part of the Moodle security guidelines. ==What is the danger?== Again, this is more a symptom of [[Development:Security:Unauthorised_access|Unaut...2009-11-06T16:21:17Z<p>New page: This page forms part of the <a href="/index.php?title=Development:Security" title="Development:Security">Moodle security guidelines</a>. ==What is the danger?== Again, this is more a symptom of [[Development:Security:Unauthorised_access|Unaut...</p>
<p><b>Новая страница</b></p><div>This page forms part of the [[Development:Security|Moodle security guidelines]].<br />
<br />
==What is the danger?==<br />
<br />
Again, this is more a symptom of [[Development:Security:Unauthorised_access|Unauthorised access]] and other problems, rather than a problem in its own right. However, Moodle handles a lot of personal information about its users, and some countries have laws about how that information is handled, so it is worth having a separate section to consider how we protect the personal information we have about our users.<br />
<br />
<br />
==How Moodle avoids this problem==<br />
<br />
Moodle now has enough capabilities that it can be configures to comply with various juristictions' privacy laws, while also being used in more permissive ways in other situations.<br />
<br />
<br />
==What you need to do in your code==<br />
<br />
* Think about the type of information you are displaying when deciding which permissions checks to perform.<br />
** When a capability lets a user see more personal information about another user than normal, consider marking it as RISK_PERSONAL.<br />
* Make sure you protect against [[Development:Security:Unauthorised_access|Unauthorised access]], [[Development:Security:Cross-site_scripting|Cross-site scripting]], and other problems that allow sensitive information to leak.<br />
<br />
<br />
==What you need to do as an administrator==<br />
<br />
* Consider privacy issues when defining roles, and changing other settings.<br />
<br />
<br />
==See also==<br />
<br />
* [[Development:Security]]<br />
* [[Development:Coding]]<br />
<br />
{{CategoryDeveloper}}<br />
[[Category:Security]]</div>1>TimHunt