http://wiki.mipt.ru/index.php?action=history&feed=atom&title=Security_FAQSecurity FAQ - История изменений2026-05-06T19:40:08ZИстория изменений этой страницы в викиMediaWiki 1.42.1http://wiki.mipt.ru/index.php?title=Security_FAQ&diff=5349&oldid=prevОлег Давидович: 1 версия импортирована2024-10-18T06:44:55Z<p>1 версия импортирована</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="ru">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая версия</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Версия от 06:44, 18 октября 2024</td>
</tr><tr><td colspan="2" class="diff-notice" lang="ru"><div class="mw-diff-empty">(нет различий)</div>
</td></tr></table>Олег Давидовичhttp://wiki.mipt.ru/index.php?title=Security_FAQ&diff=5348&oldid=prev1>Tsala: de inter-wiki link2020-01-23T14:21:49Z<p>de inter-wiki link</p>
<p><b>Новая страница</b></p><div>{{Security}}<br />
==How do I report a security issue?==<br />
<br />
See [[:dev:Moodle security procedures|Moodle security procedures]] in the dev docs for details on how to report a security issue.<br />
<br />
Previously fixed security issues are listed in the [http://moodle.org/security/ Moodle.org Security news]. If you are unsure whether a problem has been fixed or not, it's best to report it anyway.<br />
<br />
==How can I keep my site secure?==<br />
<br />
It's good practice to always use the latest stable release of the version you are using. It is safe to upgrade to a more recent version on the branch you are using, say from Moodle 2.X.1 to the latest version on the 2.X branch. [[Git for Administrators|Downloading via Git]] makes it very easy way to do this.<br />
<br />
==How do I keep track of recent security issues?==<br />
<br />
* [[Site registration | Register your Moodle site with moodle.org]], making sure to enable the option of being notified about security issues and updates. After your registration is accepted, your email address will be automatically added to our low-volume security alerts mailing list.<br />
<br />
* Eventually, all important security issues are published to the general public via the [http://moodle.org/mod/forum/view.php?f=996 Moodle Security forum]. You can subscribe to the forum or [http://twitter.com/moodlesecurity follow moodlesecurity on Twitter].<br />
<br />
==Who is able to view security issues in the Tracker?==<br />
<br />
Depending upon the security level of a Tracker issue, access is restricted to developers, testers or members of the security team. Specific details are available in the [[dev:Tracker guide#When_creating_an_issue|Security Level field description in the Tracker guide]].<br />
<br />
==Which versions of Moodle are supported?==<br />
<br />
Currently supported versions are listed on [http://download.moodle.org/ download.moodle.org].<br />
<br />
==My site was hacked. What do I do?==<br />
<br />
See [[Hacked site recovery]].<br />
<br />
==How can I reduce spam in Moodle?==<br />
<br />
See [[Reducing spam in Moodle]].<br />
<br />
==How can I increase privacy in Moodle?==<br />
<br />
See [[Increasing privacy in Moodle]].<br />
<br />
==How do I enable reCAPTCHA?==<br />
<br />
To add spam protection to the [[Email-based self-registration]] new account form with a CAPTCHA element:<br />
<br />
#Obtain a reCAPTCHA key from http://recaptcha.net by [https://admin.recaptcha.net/accounts/signup/?next= signing up for an account] (free) then entering a domain.<br />
#Copy and paste the public and private keys provided into the ''recaptchapublickey'' and ''recaptchaprivatekey'' fields in the manage authentication common settings in ''Administration > Plugins > Authentication > [[Manage authentication]]''.<br />
#Click the "Save changes" button at the bottom of the page.<br />
#Follow the settings link for email-based self-registration in ''Administration > Plugins > Authentication > Manage authentication'' and enable the reCAPTCHA element.<br />
#Click the "Save changes" button at the bottom of the page.<br />
<br />
==How can I run the security overview report?==<br />
<br />
To run the [[Security overview|security overview report]], go to ''Administration > Site administration > Reports > Security overview''.<br />
<br />
== I have discovered Cross Site Scripting (XSS) is possible with Moodle ==<br />
<br />
Some forms of rich content used by teachers to enhance their courses use the same technologies that malicious users can use for cross-site scripting attacks. If Moodle was solely concerned with security, it would not allow this. However, Moodle is also concerned with education and so a balance has to be struck between securing the system and supporting teachers with their needs.<br />
<br />
In order to strike a balance between authoring rich educational content and securing the system, access to post XSS-capable content is controlled by capabilites flagged with the 'XSS risk' - see [[Risks]]. In general this means that admins and teachers can post XSS-capable content, but students can not - see [[XSS_trusted_users]].<br />
<br />
Occasionally security bugs are discovered in Moodle's handling of XSS capable content and we are greatful to the community for reporting these through [https://docs.moodle.org/dev/Moodle_security_procedures responsible disclosure]. Before reporting an XSS bug to Moodle, please ensure that the user posting the XSS content does not have capabilities flagged with the XSS risk.<br />
<br />
==See also==<br />
<br />
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]<br />
<br />
[[Category:FAQ]]<br />
<br />
[[de:Sicherheit FAQ]]<br />
[[es:Seguridad FAQ]]<br />
[[fr: FAQ sur la sécurité]]</div>1>Tsala