I ran across the native moodle report, Reports | Security overview today. It informed me that my config.php file was not protected and could be updated by users on the web site.
The longer I am the admin., the more I like things like this. It was a pretty simple update. For Windows (that's me), I simply changed the permissions on the file to read-only. I remoted into the server and browsed to the web root and right clicked on the config.php file and choose read-only.
This is good.
I will probably forget I did this and at some point want to update this file and will panic when I realize I cannot edit the file, but I am hoping I will figure out kinda quickly that the file is read only.
Moral of the story? Protect, be prudent. Do not let the web site or any web site visitor edit or alter in ANY WAY, the config.php file.
I will be doing the same thing for the rest of my moodle instances!
This comment has been removed by the author.
ReplyDelete