[Server-devel] Moodle/Server configuration for static IP external access
Martin Langhoff
martin.langhoff at gmail.com
Thu Jun 18 10:19:18 EDT 2009
On Thu, Jun 18, 2009 at 3:59 PM, Dave Bauer<dave.bauer at gmail.com> wrote:
> Most Moodle installs are available to the internet. Does it really make
> sense to rely only on Moodle being on the internal network to provide
> security?
You are right, and a lot of my pre-OLPC work has been in making the
largest of those installations work smoothly in scale, security,
performance, customisations... In those cases, Moodle is a webapp.
In this case, however. Moodle is the central UI for most things XS.
Some things XS change how the XS behave.
For example, I am drafting a bit of code that will let you configue
eth0 and 'domain_config' from a Moodle-based UI. So on first boot, the
XS comes up in a special mode that lets you set those 2 things.
Once this work is done, you no longer need to login as root. Ever.
On the other hand, it'd be serious trouble if Moodle started listening
on the public address. Right now Moodle seems to be reasonably meek...
but I haven't thought that through actually, it may have risks too.
The bottom line is:
Services that are on the LAN address have not been
designed to be on the WAN address -- many (most?)
of them are a security risk if exposed to the WAN
today. As the XS evolves, _more_ services will pose
a risk if exposed to the WAN.
So -- put your test/dev machines on the LAN to play with things. The
XS will hand out DHCP leases to non-XOs, you can create "normal" user
accounts in Moodle (from the 'course creator'-blessed XO) so that
things work. Using non-Sugar XMPP clients (mostly) works too if you're
on the LAN.
hth,
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
More information about the Server-devel
mailing list