Demo site security improvements

Our Moodle demonstration site is now using Moodle 1.9.7 (thanks to Moodle HQ sys admin Jordan for upgrading) and has demo account passwords FunMood1ing! which fulfil the default password policy i.e. at least 8 characters and including at least one number, one lowercase letter, one uppercase letter and one non-alphanumeric character. The security overview report [...]

Read Full Post »

Password policy enabled on upgrade

A heads up for anyone upgrading to the latest Moodle 1.9.6+, you’ll find the password policy (in Site Administration > Security > Site policies) has been enabled and admins will be prompted to change their password on next login. Thus, if your site is for testing purposes only, you may wish to disable the password [...]

Read Full Post »

Password salting

Today I have been learning about password salting, a method of making encrypted passwords more secure and practically impossible to crack. Please see the documentation Password salting for the collected wisdom of posters in the forum discussion Moodle Salting and in our developer chat. Elsewhere in Moodle Docs, I loved a talk page comment regarding [...]

Read Full Post »

Last day of Moodle 1.7.x

Today is the last day of MOODLE_17_STABLE in the Moodle Tracker. As Martin mentioned in the moodle.org news back in February, New releases: Moodle 1.9.4, 1.8.8, 1.7.7 and 1.6.9, Moodle 1.6.9 and Moodle 1.7.7 mark the last builds that the core team plan to release from those branches… please upgrade to later versions! For anyone [...]

Read Full Post »

Issue security levels

Did you know that the security level setting of an issue in the Moodle Tracker determines how many people can view it? I knew that serious security issues could only be viewed by members of the security team (led by Petr Škoda) but I only discovered recently that the other security levels also restrict access. [...]

Read Full Post »