Average Reviews:
(More customer reviews)I have been asked on several occasions to tech review Packt Moodle books as they are being drafted. It's a privilege and I tend to say yes -usually because the topic is one I feel is in my area - pedagogically- so I can be of assistance to the author. Sometimes however, I am asked to review a book in a different field from my own. As long as I know the other reviewer is a technical expert I am happy to continue, restricting my comments to style, layout and readability. Such was it with Moodle Security. Before I read the book I only knew the bare minimum a Moodle admin needs to know so I almost turned down the offer of reviewing it. On Packt's assurance that their other reviewer was highly knowledgeable about security issues (so nobody can blame me if they get hacked!!), I agreed to read it and am very glad I did so. I found it enlightening and invaluable.
Written by Moodler Darko Miletic, it takes you through, chapter by chapter, the steps you need to ensure your Moodle is secure from initial installation to site backup -with user and file management in between. Moodlers are well aware that alongside all the great publicity this Open Source LMS/VLE generates, it has had a bad press in the past because of quite large security loopholes. Some have argued this has been the fault of inadequately trained admins -who've left the user profiles open to Google or put their moodledata folder (the one with all the "stuff") in an easily accessible directory because they didn't read the warnings. Others have made the point that Moodle should not allow such mistakes to be made in the first place -particularly as Moodle admins might not always be your techie types, but a regular teacher like me just doing the job for their school. So a book like this must be a welcome addition to any Moodle admin. The first couple of chapters deal with securing your Linux or Windows server. However, even if you don't host Moodle yourself, it is worth reading on because Darko then talks about authentication and roles and permissions. Vital if you want to avoid such dangerous pitfalls as - allowing email based self authentication with no Captcha! or email restrictions (spammers' paradise) or - setting permissions wrongly and allowing someone to create an account and subsequently edit your front page (as I was able to do on a local Moodle a couple of years ago) You can read Chapter 4 on authentication on Packt's site - as a free taster. The book is based on Moodle 1.9 although much of it is still relevant to Moodle 2.0 However, some of the potential security problems with Moodle (such as site wide roles) have been addressed in Moodle 2.0. Chapter 6 handles protection against bots while Chapter 7 deals with securing user files. Moodle 2.0 handles files differently from 1.9 (subject of much controversy!) so some of this will currently not apply - but many users will remain with Moodle 1.9 for a year or so yet, so the information remains valuable. Chapter 9 deals with protecting user and course information, leading up to monitoring user activity in Chapter 10.
Despite being a non-technical Moodle admin I found the book easy to digest and I learned a lot about keeping Moodles secure. If you are a Moodle administrator responsible for a large number of users (or even a small primary school!) it would be well worth investing in Moodle Security, if only so you don't wake up one morning to find the Russian Federation have taken over your site...
Click Here to see more reviews about: Moodle Security
Moodle Security is packed with practical examples, which guide you through optimizing the protection of your Moodle site. Each chapter covers a different security threat and how to secure your site against it. You will also find recommendations for what is best for your particular system and usage. If you are in charge of Moodle - whether you are an administrator or lead teacher - then securing it is one of the most important things that you can do. You need to know the basics of working with Moodle, but no previous experience of system administration is required.
0 comments:
Post a Comment