ATutor

Learning Management Tools







Security


  • 2005-06-06 10:13:36

    Security

    Hi,
    My question today is regarding security.
    It is important for us and our project to know whether the system (ATutor) guarantees any kind of security (cryptography) for all the information that travels over the Internet, like our users' passwords and similar information. If yes, what kind of security measures have you adopted?
    Thank you so much for your indispensable help.
    esmeralda









    If you are asking for help, provide lots of detail so problems can be reproduced.

    Things to describe:
    operating system -
    version of ATutor -
    versions of php -
    version of mysql -
    webserver & version -
    copies of error messages -
    changes to default settings -
    web browser being used -
    and anything else relevant -

  • 2005-06-06 18:22:34

    Just use SSL

    Using SSL (i.e. https://) with ATutor should be all you need to ensure tight security. All information would be sent over the Web using 128-bit encryption.

    Other security features in ATutor:

    All user input is validated so malicious code cannot be submitted through Web forms.

    htmlspecialchars and mysql_escape_string are used together on all user generated database queries to remove the possibility of SQL injection.

    Register_globals must be turned off, so malicious information could not be attached to a URL as GET variables.

    All user information is stored in a PHP session so no text based user information is sent over the Web.

    Course content can be stored outside the Web directory, so it cannot be accessed outside ATutor and a validated user session.

    SHA1 encryption has also been added for encrypting student IDs in the master list confirmation utility so they remain doubly secure (SSL and SHA1), so only those entitled to create accounts on a system can do so when the registration/confirmation screen sits outside an ATutor installation, for example.

    There are other strategies, though that should give you an idea that we do take security seriously.

    Being GPL, we make no guarantees. A contracted warranty might be possible, though we could only warrant that sufficient safety measures have been implemented. We cannot guarantee that someone will not eventually figure out how to break SSL encryption, nor could any other developer or vendor.
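
A deployment check for the settings this reply relies on (HTTPS, register_globals off, PHP sessions), added here as an example and not part of the original post or of ATutor's code. The function names and sample requests are hypothetical, and it assumes TLS terminates on the PHP web server.

```php
<?php
// Added example, not ATutor code. Function names and sample data are hypothetical.

// Read a boolean php.ini directive the way PHP interprets it.
// ini_get() returns false for directives that do not exist
// (register_globals was removed in PHP 5.4).
function ini_flag(string $name): bool
{
    $value = ini_get($name);
    if ($value === false) {
        return false;
    }
    return in_array(strtolower(trim($value)), ['1', 'on', 'yes', 'true'], true);
}

// Returns a list of findings; an empty list means every check passed.
// $server is normally $_SERVER. Assumption: TLS terminates on this web
// server, so $_SERVER['HTTPS'] is set (not true behind some reverse proxies).
function check_deployment(array $server): array
{
    $findings = [];
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === '' || $https === 'off') {
        $findings[] = 'Request did not arrive over https://, so the login form and session ID travel unencrypted.';
    }
    if (ini_flag('register_globals')) {
        $findings[] = 'register_globals is on: request parameters become global variables.';
    }
    if (!ini_flag('session.cookie_secure')) {
        $findings[] = 'session.cookie_secure is off: the session cookie may also be sent over http://.';
    }
    if (ini_flag('session.use_trans_sid')) {
        $findings[] = 'session.use_trans_sid is on: session IDs can be appended to URLs.';
    }
    return $findings;
}

// Constructed sample requests; in a real page pass $_SERVER instead.
$samples = [
    'plain HTTP request' => ['HTTPS' => 'off'],
    'HTTPS request'      => ['HTTPS' => 'on'],
];
foreach ($samples as $label => $server) {
    $findings = check_deployment($server);
    echo $label, ': ', $findings ? implode(' | ', $findings) : 'all checks passed', PHP_EOL;
}
```

The ini-based findings depend on the php.ini of the interpreter that runs the script, so run it under the same web server configuration that serves the site.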

  • 2005-06-07 04:06:25

    Thank you

    Thank you greg, and thank you for the details :D
