[Server-devel] Moodle/Server configuration for static IP external access
dave.bauer at gmail.com
Thu Jun 18 12:45:54 EDT 2009
On Thu, Jun 18, 2009 at 10:19 AM, Martin Langhoff <martin.langhoff at gmail.com
> On Thu, Jun 18, 2009 at 3:59 PM, Dave Bauer<dave.bauer at gmail.com> wrote:
> > Most Moodle installs are available to the internet. Does it really make
> > sense to rely only on Moodle being on the internal network to provide
> > security?
> You are right, and a lot of my pre-OLPC work has been in making the
> largest of those installations work smoothly in scale, security,
> performance, customisations... In those cases, Moodle is a webapp.
> In this case, however. Moodle is the central UI for most things XS.
> Some things XS change how the XS behave.
> For example, I am drafting a bit of code that will let you configue
> eth0 and 'domain_config' from a Moodle-based UI. So on first boot, the
> XS comes up in a special mode that lets you set those 2 things.
> Once this work is done, you no longer need to login as root. Ever.
Cool, maybe a switch to turn this off would be useful for those who are
running a different configuration.
> On the other hand, it'd be serious trouble if Moodle started listening
> on the public address. Right now Moodle seems to be reasonably meek...
> but I haven't thought that through actually, it may have risks too.
> The bottom line is:
> Services that are on the LAN address have not been
> designed to be on the WAN address -- many (most?)
> of them are a security risk if exposed to the WAN
> today. As the XS evolves, _more_ services will pose
> a risk if exposed to the WAN.
> So -- put your test/dev machines on the LAN to play with things. The
> XS will hand out DHCP leases to non-XOs, you can create "normal" user
> accounts in Moodle (from the 'course creator'-blessed XO) so that
> things work. Using non-Sugar XMPP clients (mostly) works too if you're
> on the LAN.
> martin.langhoff at gmail.com
> martin at laptop.org -- School Server Architect
> - ask interesting questions
> - don't get distracted with shiny stuff - working code first
> - http://wiki.laptop.org/go/User:Martinlanghoff
dave at solutiongrove.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Server-devel