On Thu, Jun 18, 2009 at 10:19 AM, Martin Langhoff <martin.langh...@gmail.com > wrote:
> On Thu, Jun 18, 2009 at 3:59 PM, Dave Bauer<dave.ba...@gmail.com> wrote: > > Most Moodle installs are available to the internet. Does it really make > > sense to rely only on Moodle being on the internal network to provide > > security? > > You are right, and a lot of my pre-OLPC work has been in making the > largest of those installations work smoothly in scale, security, > performance, customisations... In those cases, Moodle is a webapp. > > In this case, however. Moodle is the central UI for most things XS. > Some things XS change how the XS behave. > > For example, I am drafting a bit of code that will let you configue > eth0 and 'domain_config' from a Moodle-based UI. So on first boot, the > XS comes up in a special mode that lets you set those 2 things. > > Once this work is done, you no longer need to login as root. Ever. > Cool, maybe a switch to turn this off would be useful for those who are running a different configuration. Dave > > On the other hand, it'd be serious trouble if Moodle started listening > on the public address. Right now Moodle seems to be reasonably meek... > but I haven't thought that through actually, it may have risks too. > > The bottom line is: > > Services that are on the LAN address have not been > designed to be on the WAN address -- many (most?) > of them are a security risk if exposed to the WAN > today. As the XS evolves, _more_ services will pose > a risk if exposed to the WAN. > > So -- put your test/dev machines on the LAN to play with things. The > XS will hand out DHCP leases to non-XOs, you can create "normal" user > accounts in Moodle (from the 'course creator'-blessed XO) so that > things work. Using non-Sugar XMPP clients (mostly) works too if you're > on the LAN. > > hth, > > > > m > -- > martin.langh...@gmail.com > mar...@laptop.org -- School Server Architect > - ask interesting questions > - don't get distracted with shiny stuff - working code first > - http://wiki.laptop.org/go/User:Martinlanghoff > -- Dave Bauer d...@solutiongrove.com http://www.solutiongrove.com
_______________________________________________ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel