http://wiki.mipt.ru/index.php?action=history&feed=atom&title=Development%3ASecurity%3AData-lossDevelopment:Security:Data-loss - История изменений2026-05-06T21:55:32ZИстория изменений этой страницы в викиMediaWiki 1.42.1http://wiki.mipt.ru/index.php?title=Development:Security:Data-loss&diff=11854&oldid=prevОлег Давидович: 1 версия импортирована2024-10-21T08:53:11Z<p>1 версия импортирована</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="ru">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая версия</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Версия от 08:53, 21 октября 2024</td>
</tr><tr><td colspan="2" class="diff-notice" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>Олег Давидовичhttp://wiki.mipt.ru/index.php?title=Development:Security:Data-loss&diff=11853&oldid=prev1>TimHunt: New page: This page forms part of the Moodle security guidelines. ==What is the danger?== This is more a symptom or other vulnerabilities, than a vulnerability in its own ...2009-11-06T15:42:14Z<p>New page: This page forms part of the <a href="/index.php?title=Development:Security" title="Development:Security">Moodle security guidelines</a>. ==What is the danger?== This is more a symptom or other vulnerabilities, than a vulnerability in its own ...</p>
<p><b>Новая страница</b></p><div>This page forms part of the [[Development:Security|Moodle security guidelines]].<br />
<br />
==What is the danger?==<br />
<br />
This is more a symptom or other vulnerabilities, than a vulnerability in its own right.<br />
<br />
For example, Evil Hacker can use cross-site request forgery or SQL injection to maliciously destroy lots of your data. Or the fact that someone has permission to destroy a lot of data may indicate that the code is not performing sufficient authorisation checks.<br />
<br />
However, it is also possible for users to accidentally destroy lots of data if the user-interface is badly designed and confusing.<br />
<br />
<br />
==How Moodle avoids this problem==<br />
<br />
We write secure code so that data cannot be destroyed maliciously.<br />
<br />
We try to design clear interfaces, so that users understand the effects of their actions.<br />
<br />
<br />
==What you need to do in your code==<br />
<br />
* Actions that destroy a significant amount of data should have a confirmation step.<br />
** Capabilities that let people destroy a lot of information should have RISK_DATALOSS.<br />
* Follow the guidelines for avoiding<br />
** [[Development:Security:Unauthorised access|Unauthorised access]]<br />
** [[Development:Security:Cross-site_request_forgery|Cross-site request forgery]] (XSRF)<br />
** [[Development:Security:SQL injection|SQL injection]]<br />
** [[Development:Security:Command-line injection|Command-line injection]]<br />
** and so on.<br />
<br />
<br />
==What you need to do as an administrator==<br />
<br />
* Be careful!<br />
<br />
<br />
==See also==<br />
<br />
* [[Development:Security]]<br />
* [[Development:Coding]]<br />
<br />
{{CategoryDeveloper}}<br />
[[Category:Security]]</div>1>TimHunt