A question about security

  • Resolved mlapl1

    (@mlapl1)


    3 years, 6 months ago

    Hello

    I gather that when a SCORM module is uploaded it goes into the normal wordpress structure. This means that anybody able to guess its URL may be able to access it directly without going through the LMS or a membership gateway. So… my question is: what measures does cluevo have to protect modules and other uploaded materials. One solution that comes to mind (but may have overheads) is to store modules above the root of the web server (I think Moodle does this) – but that would complicate the coding a bit I guess – what do you think?
    Andrew

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author CLUEVO

    (@cluevo)

    Hey mlapl1,

    we currently have a basic security feature via .htaccess in place. You can activate this on the CLUEVO settings page. What this does is it places a .htaccess file inside the module directory prevents direct access to the files. Someone very determined can probably circumvent this by forging the requests to the files but for the majority of users this should prevent undue access.

    We do have something more in-depth planned, but this will need some more time to implement. It will probably be something along the lines of what you mentioned with storing the files outside the root directory. We’re currently exploring options for this though, because this will need to be optional as a lot of users don’t actually have hosting that allows this sort of solution.

    Greetings,

    Chris

    Thread Starter mlapl1

    (@mlapl1)

    Thank you very much @cluevo – that is very helpful.

    • This reply was modified 3 years, 6 months ago by mlapl1.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘A question about security’ is closed to new replies.