I have visited several virtual courses on Moodle and have seen that they are still on version 1.5 or 1.6 when version 1.8 is already available.
Why did they stop updating the Moodle Course Management System?
In my opinion, the biggest disadvantage of CMSs under the GPL license is that you have to run the most up-to-date version, because the bugs found in each version put an organization's information and reputation at risk.
The following is a vulnerability reported to SecurityFocus on December 14, 2006.
Vulnerability in Moodle 1.5 - 1.6
Bugtraq ID: 21596
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Dec 14 2006 12:00AM
Updated: Dec 15 2006 07:48PM
Credit: These vulnerabilities were discovered by Jose Miguel Yanez Venegas.
Vulnerable:
Moodle moodle 1.6.1
Moodle moodle 1.5.2
Moodle moodle 1.5.1
Moodle moodle 1.5
BEA Systems Weblogic Proxy Plugin 1.5.3 +
BEA Systems Weblogic Proxy Plugin 1.5.3
Moodle is reported prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML injection issue, because the application fails to properly sanitize user-supplied input data. The cross-site scripting vulnerability is reported to affect version 1.6.1; the HTML-injection vulnerability affects version 1.5.
Attackers can exploit the HTML-injection issue through a web-client. Attackers can exploit the cross-site scripting issue by enticing an unsuspecting victim to follow a malicious URI.
Sample exploit code has been provided:
http://www.securityfocus.com/data/vulnerabilities/exploits/21596.html
Exploiting this vulnerability puts any user account at risk, including the Administrator account.
Tips:
- Know the most common vulnerabilities and test the CMS before installing it.
- Keep track of the CMS's vulnerabilities by visiting sites such as: www.securityfocus.com, www.securitydot.net/, www.bnlug.org/
- Make backups periodically.
- Keep the content management system (CMS) constantly updated.
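As a way to act on the last tip, the following added example (not part of the original post or of Moodle) audits a list of Moodle sites against the versions named in the Bugtraq 21596 record above and against the 1.8 release the post mentions. The inventory format, the hostnames and the status labels are assumptions made for illustration.

```python
import re

# Versions listed as vulnerable in the Bugtraq 21596 record quoted in the post.
ADVISORY_VULNERABLE = {(1, 5), (1, 5, 1), (1, 5, 2), (1, 6, 1)}
# Newest release the post says is available.
LATEST = (1, 8)
# Report order: worst first. The labels are this example's own.
SEVERITY = {"listed-vulnerable": 0, "unknown": 1, "outdated": 2, "current": 3}

def parse_version(text):
    """Turn '1.6.1', 'Moodle 1.5.2+' or '1.5.0' into a normalized tuple."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group().split(".")]
    while len(parts) > 2 and parts[-1] == 0:
        parts.pop()  # treat 1.5.0 as 1.5
    return tuple(parts)

def classify(version_text):
    version = parse_version(version_text)
    if version in ADVISORY_VULNERABLE:
        return "listed-vulnerable"
    if version[:2] < LATEST:
        return "outdated"  # not named in this advisory, but behind 1.8
    return "current"

def audit(inventory):
    """inventory: iterable of (site, reported version string) pairs."""
    findings = []
    for site, reported in inventory:
        try:
            status = classify(reported)
        except ValueError:
            status = "unknown"  # an unreadable version is a finding, not a pass
        findings.append((status, site, reported))
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[1]))

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("courses.example.edu", "Moodle 1.6.1"),
    ("campus.example.org", "1.8"),
    ("aula.example.net", "1.5.0"),
    ("lms.example.com", "1.6"),
    ("old.example.edu", "unknown build"),
]

if __name__ == "__main__":
    for status, site, reported in audit(SAMPLE_INVENTORY):
        print(f"{status:18} {site:22} {reported}")
```

A site reported as "outdated" is only known to be absent from this one advisory's list; it still needs to be checked against later advisories.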
Splash Screen
package org.jmy.views.components;

import java.awt.BorderLayout;
import javax.swing.ImageIcon;
import javax.swing.JLabel;
import javax.swing.JProgressBar;
import javax.swing.JWindow;

// ViewUtil (listed below) is in this same package, so it needs no import.
public class JSplash extends JWindow {
    private static final long serialVersionUID = 8644899390279522763L;

    // Builds an undecorated window: the image with an indeterminate progress bar under it.
    public JSplash(ImageIcon icon) {
        super();
        JLabel label = new JLabel(icon);
        JProgressBar bar = new JProgressBar();
        bar.setIndeterminate(true);
        getContentPane().add(label, BorderLayout.CENTER);
        getContentPane().add(bar, BorderLayout.SOUTH);
        pack();
        ViewUtil.centerFrameOnScreen(this);
    }
}
package org.jmy.views.components;

import java.awt.Container;
import java.awt.Dialog;
import java.awt.Dimension;
import java.awt.GraphicsEnvironment;
import java.awt.Point;
import java.awt.Rectangle;
import java.awt.Toolkit;
import java.awt.Window;
import java.lang.reflect.Method;

// Static helpers for placing windows and dialogs on screen.
public class ViewUtil {

    private ViewUtil() {
    }

    // Center of the usable screen area. The method is looked up by reflection
    // so the class still loads on runtimes that do not provide it.
    public static Point getCenterPoint() {
        final GraphicsEnvironment localGraphicsEnvironment = GraphicsEnvironment
                .getLocalGraphicsEnvironment();
        try {
            final Method method = GraphicsEnvironment.class.getMethod(
                    "getCenterPoint", (Class[]) null);
            return (Point) method.invoke(localGraphicsEnvironment,
                    (Object[]) null);
        } catch (Exception e) {
            // Ignored on purpose: fall back to the full screen size below.
        }
        final Dimension s = Toolkit.getDefaultToolkit().getScreenSize();
        return new Point(s.width / 2, s.height / 2);
    }

    // Largest bounds a window can occupy, with the same reflective lookup and fallback.
    public static Rectangle getMaximumWindowBounds() {
        final GraphicsEnvironment localGraphicsEnvironment = GraphicsEnvironment
                .getLocalGraphicsEnvironment();
        try {
            final Method method = GraphicsEnvironment.class.getMethod(
                    "getMaximumWindowBounds", (Class[]) null);
            return (Rectangle) method.invoke(localGraphicsEnvironment,
                    (Object[]) null);
        } catch (Exception e) {
            // Ignored on purpose: fall back to the full screen size below.
        }
        final Dimension s = Toolkit.getDefaultToolkit().getScreenSize();
        return new Rectangle(0, 0, s.width, s.height);
    }

    public static void centerFrameOnScreen(final Window frame) {
        positionFrameOnScreen(frame, 0.5, 0.5);
    }

    // Percentages run from 0.0 (left/top) to 1.0 (right/bottom) of the free space.
    public static void positionFrameOnScreen(final Window frame,
            final double horizontalPercent, final double verticalPercent) {
        final Rectangle s = getMaximumWindowBounds();
        final Dimension f = frame.getSize();
        final int w = Math.max(s.width - f.width, 0);
        final int h = Math.max(s.height - f.height, 0);
        final int x = (int) (horizontalPercent * w) + s.x;
        final int y = (int) (verticalPercent * h) + s.y;
        frame.setBounds(x, y, f.width, f.height);
    }

    public static void positionFrameRandomly(final Window frame) {
        positionFrameOnScreen(frame, Math.random(), Math.random());
    }

    public static void centerDialogInParent(final Dialog dialog) {
        positionDialogRelativeToParent(dialog, 0.5, 0.5);
    }

    // Places the dialog relative to its parent, then clamps it to the visible screen.
    public static void positionDialogRelativeToParent(final Dialog dialog,
            final double horizontalPercent, final double verticalPercent) {
        final Dimension d = dialog.getSize();
        final Container parent = dialog.getParent();
        final Dimension p = parent.getSize();
        final int baseX = parent.getX() - d.width;
        final int baseY = parent.getY() - d.height;
        final int w = d.width + p.width;
        final int h = d.height + p.height;
        int x = baseX + (int) (horizontalPercent * w);
        int y = baseY + (int) (verticalPercent * h);
        final Rectangle s = getMaximumWindowBounds();
        x = Math.min(x, (s.width - d.width));
        x = Math.max(x, 0);
        y = Math.min(y, (s.height - d.height));
        y = Math.max(y, 0);
        dialog.setBounds(x + s.x, y + s.y, d.width, d.height);
    }
}