Educause Security Discussion mailing list archives
Re: Potential Security Risks in OpenSource LMS environments
From: Kees Leune <LEUNE () ADELPHI EDU>
Date: Wed, 15 Jul 2009 14:51:55 -0400
On 7/14/2009 at 5:26 PM, in message
<OFCA6EF495.D93D6FB8-ON852575F3.0075B517-852575F3.0075F0F5 () american edu>, Cathy Hubbs <hubbs () AMERICAN EDU> wrote:
In thinking about the move toward Open Source Learning Management Systems (i.e., Moodle, Sakai, ATutor, etc., etc.) from Blackboard... Has anyone encountered or addressed potential security risks/concerns that may be more prevalent in the Open Source LMS environment vs the COT LMS? 1. Timeliness of Patch Deployment
We have just completed the transition from Blackboard to Moodle and we have been very happy with it. The few times that vulnerabilities were discovered, they were patched very quickly.
2. More difficulty protecting data stores (i.e., distributed, the potential for DBs on individual Faculty workstation)
I do not see how Moodle vs. Blackboard would be different in that--- all data resides on the server; faculty members can always make local copies of the information to which they have access, but that is true for Blackboard also. Our general experience is that we have less downtime with Blackboard than we have with Moodle and that Faculty, Students and Administration are happier with it than they were with Blackboard. Moodle has been tied in to our authentication infrastructure, and very detailed logging has helped me in investigations in the past. Hope this helps, Kees -- Dr. Kees Leune Information Security Officer Adelphi University Garden City, NY +1 (516) 877-3936
Current thread:
- Potential Security Risks in OpenSource LMS environments Cathy Hubbs (Jul 14)
- <Possible follow-ups>
- Re: Potential Security Risks in OpenSource LMS environments Kees Leune (Jul 15)
- Re: Potential Security Risks in OpenSource LMS environments Cathy Hubbs (Jul 15)
- Re: Potential Security Risks in OpenSource LMS environments John Ellingsworth (Jul 15)
- Re: Potential Security Risks in OpenSource LMS environments Jim Dillon (Jul 20)