OK, so your teachers are teachers throughout your school and your students are students whichever class they are in. That doesn’t mean they have to be assigned those roles everywhere in Moodle. A common error, and an issue frequently raised in the Moodle forums, is administrators seeing Site Admin > Users > Permissions > Assign System Roles and presuming this is how to enrol their students and staff. Aside from the fact that this puts everyone unnecessarily in all courses, even when they are not teaching or studying in them, it runs the risk of giving unintended front page privileges to people. (I once enrolled into a Moodle via email self authentication (see here) and found myself able to edit that Moodle’s front page….) So this post is a caveat really: there are cases where you might want teachers with site-wide rights, but for the most part, just use the course administration block in each course.
I was perusing the General Problems forum of Moodle dot org today when I chanced upon a South American Moodler with a photo problem: his images were not displaying, as Moodle didn’t seem to be using the file path he expected it to. However, far more disturbing than his getting the Big Red X was the fact that, within 2 minutes, I could look at (or download) any of his images, his podcasts, his Word documents and slideshows – or, had I wished, whole courses protected with an enrollment key on a password access only Moodle.

So no – this was not another example of the dangers of email-based self registration (as in Part 1). Rather, it was the worryingly common issue of allowing your Moodle file storage directory (often called moodledata or uploaddata) to reside inside your web root (often ‘www’) directory. What does that mean? It means that if your site is mymoodle site dot com and you keep your files in moodledata, then all anyone needs to do is type in mymoodle site dot com slash moodledata …. and you’re in. And so, sadly, is everyone else.

The answer? Make sure this folder is outside of the root directory or, at the very least, protect it with an .htaccess file. The relevant Moodle docs are here. Moodle maverick Steve Hyndman talks at greater length here. Is your Moodle safe? Test it and find out – before someone else does….
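One way to run that test from the server side, as an added example that is not part of the original post or of Moodle itself: it classifies a data directory as outside the web root, inside it but covered by a deny-all .htaccess, or exposed. The function names and the three result labels are made up for illustration; the two paths are whatever your own web root and moodledata directory are.

```python
import os
import re

# Matches a blanket deny in Apache 2.2 ("deny from all") or 2.4
# ("Require all denied") syntax; commented-out lines do not match.
DENY_ALL = re.compile(r"^[ \t]*(deny\s+from\s+all|require\s+all\s+denied)\s*$",
                      re.IGNORECASE | re.MULTILINE)

def is_inside(path, parent):
    """True if path is parent itself or lies below it, after resolving symlinks."""
    path, parent = os.path.realpath(path), os.path.realpath(parent)
    return os.path.commonpath([path, parent]) == parent

def symlinked_into(web_root, data_dir):
    """Symlinks below web_root that lead to data_dir or to a parent of it."""
    hits = []
    for base, dirs, files in os.walk(web_root):  # does not descend into symlinks
        for name in dirs + files:
            full = os.path.join(base, name)
            if os.path.islink(full) and is_inside(data_dir, full):
                hits.append(full)
    return hits

def htaccess_denies_all(data_dir):
    """True if data_dir/.htaccess exists and contains an active deny-all line."""
    try:
        with open(os.path.join(data_dir, ".htaccess"),
                  encoding="utf-8", errors="replace") as fh:
            return bool(DENY_ALL.search(fh.read()))
    except OSError:
        return False

def check_dataroot(web_root, data_dir):
    """Return 'outside', 'htaccess' (inside the web root but denied) or 'exposed'."""
    if not is_inside(data_dir, web_root) and not symlinked_into(web_root, data_dir):
        return "outside"
    return "htaccess" if htaccess_denies_all(data_dir) else "exposed"

if __name__ == "__main__":
    import sys
    # Usage: python check_dataroot.py <web root> <data directory>
    print(check_dataroot(sys.argv[1], sys.argv[2]))
```

A result of "htaccess" only means the file is present: Apache ignores it unless overrides are allowed for that directory, and other web servers do not read .htaccess at all, so "outside" is the result to aim for.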