http://wiki.mipt.ru/index.php?action=history&feed=atom&title=RisksRisks - История изменений2026-05-06T21:54:45ZИстория изменений этой страницы в викиMediaWiki 1.42.1http://wiki.mipt.ru/index.php?title=Risks&diff=5205&oldid=prevОлег Давидович: 1 версия импортирована2024-10-18T06:44:49Z<p>1 версия импортирована</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="ru">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая версия</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Версия от 06:44, 18 октября 2024</td>
</tr><tr><td colspan="2" class="diff-notice" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>Олег Давидовичhttp://wiki.mipt.ru/index.php?title=Risks&diff=5204&oldid=prev1>Tsala: Text replacement - "Security overview report" to "Security checks"2024-05-09T15:12:14Z<p>Text replacement - "Security overview report" to "Security checks"</p>
<p><b>Новая страница</b></p><div>{{Roles}}Careful consideration should be given to the risks involved in allowing different capabilities.<br />
<br />
==Configuration==<br />
Certain capabilities are intended for administrators and managers only, as they enable users to change the site configuration and behaviour.<br />
<br />
==XSS (Cross-Site Scripting)==<br />
Certain capabilities enable users to add non-checked files and HTML code containing JavaScript etc. This may be misused for cross-site scripting (XSS) purposes, with the potential to gain full admin access. These capabilities are intended for administrators and teachers only.<br />
<br />
:''Tip'': The [[Security overview|Security checks]] (''Administration > Reports > Security overview'') lists all [[XSS trusted users]].<br />
<br />
==Privacy==<br />
Certain capabilities enable users to gain access to private information of other users, for example non-public information in a user's profile. These capabilities are intended for administrators and teachers only.<br />
<br />
==Spam==<br />
Certain capabilities enable users to add content to site, for example forum posts, account creation, and send messages to other users. These capabilities may be misused for spamming purposes.<br />
<br />
==Risks for predefined roles==<br />
<br />
* Guest - only capabilities without any risks are allowed<br />
* Student - certain capabilities with spam risks are allowed<br />
* Teacher - certain capabilities with XSS and privacy risks are allowed<br />
* Administrator - all capabilities are allowed<br />
<br />
==See also==<br />
<br />
* [[Development:Hardening new Roles system]]<br />
* [[Capabilities/moodle/site:trustcontent]]<br />
<br />
[[es:Riesgos]]<br />
[[fr:Risques]]<br />
[[ja:リスク]]<br />
[[de:Risiken]]</div>1>Tsala