Our Moodle demonstration site is now using Moodle 1.9.7 (thanks to Moodle HQ sys admin Jordan for upgrading), and the demo accounts have the password FunMood1ing!, which fulfils the default password policy, i.e. at least 8 characters, including at least one number, one lowercase letter, one uppercase letter and one non-alphanumeric character.
The security overview report (in Site Administration > Reports > Security overview) includes a report of any roles, permission overrides and users that are allowed to back up user data. It is recommended that the capability to back up user data be allowed only for people who really need it, and that their accounts be protected by strong passwords. Note that glossary and database activity entries can easily be moved to a different course using the export and import entries feature, without needing to back up user data.
The security overview report also reports that a password salt has been set.
Of course, these demo site security improvements aren’t strictly necessary, since the database and files are erased and restored to a clean state every hour; however, hopefully they serve to set a good example.