Query: Access between Applications (Moodle/Wordpress) On Same Server


#1

Hello and welcome to a corporate dilemma with a billionaire investor in the middle. We are not a tech company, which is why I (a designer) have to scrape together IT help where I can find it. I know this is more of a general query not directly related to my Dreamhost account. Your help would be much appreciated in the education community.

Say I’m the owner of some server space that runs Wordpress alongside Moodle (an LMS similar to Blackboard). Is there a solution that would allow the publisher of the Moodle content (someone who is not me) to keep their content secure, accessible only to them, with both applications under the same domain?

I suppose this is a question concerning the Moodle backend, as well as server architecture. In theory, there would be nothing to prevent me, the owner of the hosting, from accessing/modifying all the Moodle content via the FTP/whathaveyou, correct? Or is it possible that Moodle is engineered in such a way that access is solely available via the backend?

In Wordpress, even if I don’t have a Wordpress admin account, I can still modify the Wordpress content via the FTP. Could the same true for Moodle?


#2

I’m not very familiar with Moodle’s architecture but I have no reason to believe that the administrator of a server can do pretty much anything on Moodle’s data, just like Wordpress. Even if Moodle had a way to encrypt data submitted by the author of a course (an excercise, for example) and store the data encrypted, there would be no way for that author to prevent a rogue administrator to delete the data. So… maybe you want to discuss trust and legal frameworks first with your clients, before thinking of technology?


#3

Quite simply, yes. Unlike WordPress, however, Moodle stores its installation in the root, but also stores data outside the root, where it is not accessible via the web.

You really do need ftp access to install Moodle and non-core components (additional assignment types, modules, etc.). You can also install and upgrade Moodle via the command line, which is also a [em]lot[/em] faster that ftp. But either way, you need that backend access. But really, they just need to trust that you aren’t going to go in and mess things up. Placing Moodle in a subdirectory would allow you to grant access to a different ftp user account, which you would only need to use for initial install and setup. That way, if you were using your regular ftp user account, even if you did something accidentally, you couldn’t mess up the Moodle install, since you wouldn’t have access to it under your regular ftp user account. I hope that makes sense to you.