Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 13 | reyssat | 1 | <p> |
| 2 | Despite the fact that WIMS allows anonymous visitors to make online execution of various supportive softwares, or even native WIMS scripts (by writing them in documents and forum messages), the security risk is very low. During several years of the existence of the server with heavy duties, no successful attack has been registered. |
||
| 3 | |||
| 4 | The security of the system is based on two fundamental designs.<ol> |
||
| 5 | |||
| 6 | <li>All the supportive softwares are executed under a different uid, while sensitive data on the server are only accessible (read or write) to wims uid. Therefore accessing unauthorized data or damaging the installation via the execution of a supportive software cannot be easier than breaking the Linux uid barrier. |
||
| 7 | |||
| 8 | <li>In the scripting language of WIMS, commands and variables have associated access rights. It is impossible for untrusted codes to access unauthorized commands and variables. |
||
| 9 | |||
| 10 | </ol> |
||
| 11 | |||
| 12 | Another security aspect of the system is anti-cheating mechanisms in |
||
| 13 | \link{classes}{virtual classes}. First of all, the random variation of \link{exercises}{exercises} makes it impossible to copy the result of the neighbor. Then the design principle of server-side interactivity ensures that the good answer is always hidden in the server, and that there is no way for the student to get scores without submitting the good answer. Moreover, all the other cheating attempts (repeated query of a same exercise trying to get an easier version, simultaneous logins) will lead to appropriate penalties. |