Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-19145

Moodle extension for Safe Exam Browser

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.9.4
    • Fix Version/s: 1.9.6
    • Component/s: Quiz
    • Labels:
      None
    • Environment:
      Any
    • Database:
      Any
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_19_STABLE

      Description

      The university of Giessen and the ETH Zurich developed a software for secure online exams called "Safe Exam Browser" (http://www.safeexambrowser.org). This open-source software comes with an extension for Moodle. Features:

      • Fullscreen mode (without any navigation elements).
      • Prohibits close or leave the window with the quiz
      • Disables shortcuts/keys as Win, Ctrl+Alt+Del, Alt+F4, F1, Ctrl+p, Printscreen, ...
      • Disables right-click
      • Disables switch to other applications
      • Prohibits surf the internet

      Extension for Moodle quiz:

      • Disables navigation to other resources in the Moodle quiz
      • Assures that a quiz can be taken with the Safe Exam Browser exclusively
      • Adds a new entry in the security settings of a quiz in Moodle (see attachment)

      There is a discussion topic in the quiz forum of Moodle: http://moodle.org/mod/forum/discuss.php?d=111732

      T. Hunt reviewed a first version of the Moodle extension and gave us some inputs for improvements:

      >>> In principle, I am happy to add the necessary hooks to Moodle core
      >>> to support this, though it would require some changes to the current
      >>> patch first:
      >>>
      >>> 1) We need an overall admin setting
      >>> $CFG->enablesafebrowserintegration, probably under Administration ->
      >>> Miscellaneous -> Experimental for now, which is disabled by default.
      >>> That way, the new options only show up on sites where they might be
      >>> relevant.

      Done.

      >>> 2) It would be nice to avoid having to change the database. I think
      >>> we should us the existing 'secure window' column (which is actually
      >>> called popup in the database). We should rename the setting (I can't
      >>> think of a good name now. 'Browser security' is the best I can do,
      >>> but I don't think it is good enough) with three settings:
      >>> - None
      >>> - Full screen pop-up with added JavsScript 'security'
      >>> - Require the use of the Safe browser
      >>> those would be stored as 0, 1, 2 in the existing database column.
      >>> The third option only appears if $CFG->enablesafebrowserintegration
      >>> is set.
      >>> That then requires reviewing all the checks on ->popup in the code
      >>> and changing them.

      Done. 'Browser security' seems a good suggestion for these settings.

      >>> 3) I don't think 'mod/quiz:manage' is the right capability for
      >>> avoiding the check. For secure window, we check 'mod/quiz:preview'

      Done.

      >>> 4) I would move the user-agent check into a function in
      >>> mod/quiz/locallib.php, or even see whether we could user/modify the
      >>> existing browser check functions in weblib/moodlelib or wherever
      >>> they are.

      Done. The user-agent check is now a function in mod/quiz/locallib.php.

      >>> 5) The way you are hiding the breadcrumbs by injecting CSS into the
      >>> header is pretty ugly (and not very secure). Isn't the way the
      >>> existing secure window does it, but using a different call to
      >>> print_header, better?

      Done. The breadcrumbs are now hidden by calling a print_header with different parameters.

      >>> 6) Obviously, you don't have the '//START/END quiz_for_safe_browser'
      >>> comments in a patch intended for core code.

      Done.

      >>> If you can
      >>> * get a patch that does that (especially the admin setting to turn
      >>> it off completely, and no database changes) attached to a tracker
      >>> issue,
      >>> * get at least some people to vote on that issue, and
      >>> * if you can make patches for both moodle 1.9 and 2.0, which will
      >>> necessarily be quite different, becuase I have been changing things.

      A patch of the extension for Moodle 1.9 and for Moodle 2.0 is attached to this issue.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Votes:
                9 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  21/Oct/09