Details
Minor Description
The university of Giessen and the ETH Zurich developed a software for secure online exams called "Safe Exam Browser" (http://www.safeexambrowser.org). This open-source software comes with an extension for Moodle. Features:
- Fullscreen mode (without any navigation elements).
- Prohibits close or leave the window with the quiz
- Disables shortcuts/keys as Win, Ctrl+Alt+Del, Alt+F4, F1, Ctrl+p, Printscreen, ...
- Disables right-click
- Disables switch to other applications
- Prohibits surf the internet
Extension for Moodle quiz:
- Disables navigation to other resources in the Moodle quiz
- Assures that a quiz can be taken with the Safe Exam Browser exclusively
- Adds a new entry in the security settings of a quiz in Moodle (see attachment)
There is a discussion topic in the quiz forum of Moodle: http://moodle.org/mod/forum/discuss.php?d=111732
T. Hunt reviewed a first version of the Moodle extension and gave us some inputs for improvements:
>>> In principle, I am happy to add the necessary hooks to Moodle core
>>> to support this, though it would require some changes to the current
>>> patch first:
>>>
>>> 1) We need an overall admin setting
>>> $CFG->enablesafebrowserintegration, probably under Administration ->
>>> Miscellaneous -> Experimental for now, which is disabled by default.
>>> That way, the new options only show up on sites where they might be
>>> relevant.
Done.
>>> 2) It would be nice to avoid having to change the database. I think
>>> we should us the existing 'secure window' column (which is actually
>>> called popup in the database). We should rename the setting (I can't
>>> think of a good name now. 'Browser security' is the best I can do,
>>> but I don't think it is good enough) with three settings:
>>> - None
>>> - Full screen pop-up with added JavsScript 'security'
>>> - Require the use of the Safe browser
>>> those would be stored as 0, 1, 2 in the existing database column.
>>> The third option only appears if $CFG->enablesafebrowserintegration
>>> is set.
>>> That then requires reviewing all the checks on ->popup in the code
>>> and changing them.
Done. 'Browser security' seems a good suggestion for these settings.
>>> 3) I don't think 'mod/quiz:manage' is the right capability for
>>> avoiding the check. For secure window, we check 'mod/quiz:preview'
Done.
>>> 4) I would move the user-agent check into a function in
>>> mod/quiz/locallib.php, or even see whether we could user/modify the
>>> existing browser check functions in weblib/moodlelib or wherever
>>> they are.
Done. The user-agent check is now a function in mod/quiz/locallib.php.
>>> 5) The way you are hiding the breadcrumbs by injecting CSS into the
>>> header is pretty ugly (and not very secure). Isn't the way the
>>> existing secure window does it, but using a different call to
>>> print_header, better?
Done. The breadcrumbs are now hidden by calling a print_header with different parameters.
>>> 6) Obviously, you don't have the '//START/END quiz_for_safe_browser'
>>> comments in a patch intended for core code.
Done.
>>> If you can
>>> * get a patch that does that (especially the admin setting to turn
>>> it off completely, and no database changes) attached to a tracker
>>> issue,
>>> * get at least some people to vote on that issue, and
>>> * if you can make patches for both moodle 1.9 and 2.0, which will
>>> necessarily be quite different, becuase I have been changing things.
A patch of the extension for Moodle 1.9 and for Moodle 2.0 is attached to this issue.
