Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-19145

Moodle extension for Safe Exam Browser


    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Minor Minor
    • 1.9.6
    • 1.9.4
    • Quiz
    • None
    • Any
    • Any

      The university of Giessen and the ETH Zurich developed a software for secure online exams called "Safe Exam Browser" (http://www.safeexambrowser.org). This open-source software comes with an extension for Moodle. Features:

      • Fullscreen mode (without any navigation elements).
      • Prohibits close or leave the window with the quiz
      • Disables shortcuts/keys as Win, Ctrl+Alt+Del, Alt+F4, F1, Ctrl+p, Printscreen, ...
      • Disables right-click
      • Disables switch to other applications
      • Prohibits surf the internet

      Extension for Moodle quiz:

      • Disables navigation to other resources in the Moodle quiz
      • Assures that a quiz can be taken with the Safe Exam Browser exclusively
      • Adds a new entry in the security settings of a quiz in Moodle (see attachment)

      There is a discussion topic in the quiz forum of Moodle: http://moodle.org/mod/forum/discuss.php?d=111732

      T. Hunt reviewed a first version of the Moodle extension and gave us some inputs for improvements:

      >>> In principle, I am happy to add the necessary hooks to Moodle core
      >>> to support this, though it would require some changes to the current
      >>> patch first:
      >>> 1) We need an overall admin setting
      >>> $CFG->enablesafebrowserintegration, probably under Administration ->
      >>> Miscellaneous -> Experimental for now, which is disabled by default.
      >>> That way, the new options only show up on sites where they might be
      >>> relevant.


      >>> 2) It would be nice to avoid having to change the database. I think
      >>> we should us the existing 'secure window' column (which is actually
      >>> called popup in the database). We should rename the setting (I can't
      >>> think of a good name now. 'Browser security' is the best I can do,
      >>> but I don't think it is good enough) with three settings:
      >>> - None
      >>> - Full screen pop-up with added JavsScript 'security'
      >>> - Require the use of the Safe browser
      >>> those would be stored as 0, 1, 2 in the existing database column.
      >>> The third option only appears if $CFG->enablesafebrowserintegration
      >>> is set.
      >>> That then requires reviewing all the checks on ->popup in the code
      >>> and changing them.

      Done. 'Browser security' seems a good suggestion for these settings.

      >>> 3) I don't think 'mod/quiz:manage' is the right capability for
      >>> avoiding the check. For secure window, we check 'mod/quiz:preview'


      >>> 4) I would move the user-agent check into a function in
      >>> mod/quiz/locallib.php, or even see whether we could user/modify the
      >>> existing browser check functions in weblib/moodlelib or wherever
      >>> they are.

      Done. The user-agent check is now a function in mod/quiz/locallib.php.

      >>> 5) The way you are hiding the breadcrumbs by injecting CSS into the
      >>> header is pretty ugly (and not very secure). Isn't the way the
      >>> existing secure window does it, but using a different call to
      >>> print_header, better?

      Done. The breadcrumbs are now hidden by calling a print_header with different parameters.

      >>> 6) Obviously, you don't have the '//START/END quiz_for_safe_browser'
      >>> comments in a patch intended for core code.


      >>> If you can
      >>> * get a patch that does that (especially the admin setting to turn
      >>> it off completely, and no database changes) attached to a tracker
      >>> issue,
      >>> * get at least some people to vote on that issue, and
      >>> * if you can make patches for both moodle 1.9 and 2.0, which will
      >>> necessarily be quite different, becuase I have been changing things.

      A patch of the extension for Moodle 1.9 and for Moodle 2.0 is attached to this issue.

            timhunt Tim Hunt
            raol Oliver Rahs
            9 Vote for this issue
            5 Start watching this issue


                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.