Moodle is an open source CMS (Course Management System) / LMS (Learning Management System) / VLE (Virtual Learning Environment). Its primary purpose is to enable educational institutions and individuals to create and publish learning content in a coherent and pedagogically valuable manner, so that it can be used for successful knowledge transfer towards students.
When we talk about Moodle data we are referring to both the user and the course information and binary files that are within the platform. In this article by Darko Miletic, author of Moodle Security, we will focus our attention on the protection and separation of internal Moodle data between valid platform users. The topics we will cover include:
- User information protection
- Course information protection
In this article by Christer Edwards, we will explore FreeBSD Jails. FreeBSD Jails are a kernel-level security mechanism that allows you to safely segregate processes within a sandbox environment. Jails are commonly used to secure production network services like DNS or Email by restricting what a process can access. In the case of a malicious attack on one service, all other Jailed processes would remain secure. FreeBSD Jails securely limit, in an administratively simple way, the amount of damage an attacker can do to a server.
Read Securing Network Services with FreeBSD Jails in full
OpenSSO is the answer to many complexities that have emerged during recent years because of the complexity and dynamicity of the security functionality required for software systems. The complexity in software security increases as a result of the increase in complexity of security requirements of the target business that the software should drive and diversity in the integration between different partners' software systems that collaborate to complete a client request.
In this article by Masoud Kalali, author of GlassFish Security, we will discuss how to go about securing our application using OpenSSO.
Read Securing our Applications using OpenSSO in GlassFish Security in full
In this article by Ken Finnigan, Luca Stancapiano and Piergiorgio Lucidi, authors of GateIn Cookbook, we will cover:
- Securing with JBoss AS
- Securing with Tomcat
- Choosing the JAAS modules
- Creating a login page
In this article by Sudheesh Narayanan, the author of the book Securing Hadoop, we look at the Hadoop ecosystem, which consists of various components such as Hive, Oozie, and HBase. We need to secure all the other Hadoop ecosystem components.
In this article, we will look at each of the ecosystem components, the various security challenges for each of them, and how to set up secured authentication and user authorization for each of them.
Read Securing the Hadoop Ecosystem in full
This article by David Overton covers the process of finishing the network protection and routing setup and configuring the protection of the data on the server. We will cover:
- Configuring the firewall ports
- Configuring and testing backups
- Configuring anti-malware
In this article by Prasenjit Sarkar, author of the book VMware vCloud Security, we will focus on creating access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security Security Groups, rather than just physical constructs such as IP addresses.
Read Securing vCloud Using the vCloud Networking and Security App Firewall in full
The web services model brings into the system unique security challenges because the business data in the form of XML documents may be required to travel across untrusted networks and has the chance of being manipulated by external systems.
Throughout the entire business transaction, different classes of users and systems need access to the entire business transaction. If any part of this chain is compromised, the whole business application deployed as a service will fail. Web services are inherently about how to share the process of computing across a distributed network of systems. Web services' communication channel being XML, messages are text-based, readable, and self-describing.
Read Securing XML Documents in full
As an information system, JIRA is all about data. It should come as no surprise to you that security plays a big role in JIRA not only to ensure that only the right people get access to the data, but also to maintain data integrity by preventing accidental changes.
By the end of the article by Patrick Li, author of JIRA 4 Essentials, you will have learned:
- How to utilize user management features in JIRA
- About JIRA's permission hierarchy
- About general access control in JIRA
- How to manage fine-grained permission settings
Even though a trixbox system is a phone system, it is still a basic computer system like any other. One of the problems that we face is that extensions and VoIP service providers typically come into the system over the open Internet; this means that certain aspects of our system are wide open to the outside world. During the week that this article was written, several new scripts came out that allowed people to scan machines over the Internet, find systems that are running Asterisk, get the list of available extensions, and then hack the passwords. These tools allow a malicious hacker to get into your system and start making long-distance phone calls. There were numerous instances of companies with phone bills reaching into the thousands and even tens of thousands of dollars. Because of issues like this, it is more imperative than ever that you understand how to properly secure your trixbox server from the outside world. In this article by Kerry Garrison, we will focus on how to secure the trixbox server.
Read Securing Your trixbox Server in full
In this article by John Horton, author of PrestaShop 1.3 Beginner's Guide, we shall:
- Look at ways your shop can be damaged
- Add users, profiles, and permissions to increase security
- Talk about and optionally implement SSL to protect your customers' private information
- Learn how to back up and restore your shop in case everything else fails
- Talk about upgrading PrestaShop and how this helps keep your business secure
In this article by Martin Spasovski, author of OAuth 2.0 Identity and Access Management Patterns, we'll learn about the security features that OAuth 2.0 provides, and which security considerations we can take into account in order to build more secure applications.
Read Security considerations in full
While Plone is quite fortunate to be built on top of the very safe and secure Zope 2 application server, there is always more we can do to make sure our site is running as safely and securely as possible.
Because security is such a big topic, there are many areas where we can perform audits and make improvements, such as operating system (OS), filesystem (FS), through the web (TTW), and so on.
Lastly, there are some miscellaneous tasks that fall under the security umbrella; we can take this opportunity to learn them.
So let's get to it.
In this article by Alex Clark, author of Plone 3.3 Site Administration, you will learn:
- Restricting TCP/IP access to localhost or LAN host
- Managing IP addresses and ports effectively
- Configuring the Zope 2 effective user dynamically
- Installing Cassandra to audit through the web (TTW) security
- Applying security and bug fixes to Plone
To build a blog application, we need a database that will store the published articles. In most cases, the choice of the database depends on the current project. There are factors such as performance and scalability and we should keep them in mind. In order to have a better look at the possible solutions, we will have a look at two of the most popular databases, MongoDB and MySQL, in this article by Krasimir Tsonev, the author of Node.js Blueprints. The first one is a NoSQL type of database. According to the Wikipedia entry (http://en.wikipedia.org/wiki/NoSQL) on NoSQL databases:
"A NoSQL or Not Only SQL database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases."
Read Selecting and initializing the database in full
This article by Aurelio De Rosa, the author of Instant jQuery Selectors, describes how many selectors there are for collecting elements by their attributes, and what they are.
In this article, we'll see how to select elements by their attributes, paying attention to some quirks that can lead to unexpected behavior.
Read Selecting by attributes (Should know) in full
In this article by Jacob Gube, we will look at:
- The $() and $$() functions
- Selecting HTML elements with pseudo-class selectors
- Selecting HTML elements based on their attributes
So let’s get on with it...
Read Selecting DOM Elements using MooTools 1.2: Part 1 in full
In this article by Jonathan Chaffer and Karl Swedberg, the authors of Learning jQuery Fourth Edition, we will cover the structure of the elements on a web page, how to use CSS selectors to find elements on the page, and custom jQuery extensions to the standard set of CSS selectors. The jQuery library harnesses the power of Cascading Style Sheets (CSS) selectors to let us quickly and easily access elements or groups of elements in the Document Object Model (DOM).
Read Selecting Elements in full