Things to know about security

1 This online system software works because of the setup in /etc/sudoers at the line:
www-data ALL=(ALL) NOPASSWD: ALL
which allows PHP programs running on this server to act as system root. System root may access any part of the system and can even delete the whole hard disk. Therefore, untrusted PHP code should not be allowed to run on this system.
2 Manage Online Test web is a program for adding more test webs to the system. Its default setup is to run only on localhost, the machine where the system is installed. However, this property can be changed. If you allow this program to be accessed from outside, you must be careful: an unauthorized user may use it to manage the tests on the server. If this feature is necessary, you should protect it with a highly secure user name and password pair, i.e., long and not easy to guess.
3 In Teacher mode, specifying no for "Start/stop the exam at the same time" is suitable for some situations and/or some subjects, such as practice exams. This kind of test allows test takers to take the test at any time, and if solutions are provided, they will see the solutions, which can then be passed on to other test takers.
4 This online test is meant to replace a normal pencil-and-paper test. The test should start and stop at the same time. In the test room, there should be at least one proctor walking around and watching to prevent test takers from peeking at each other's work and, more importantly, from communicating via any online program.
5 Asking test takers to press F11 to enter fullscreen mode in the browser helps the proctor prevent them from using other programs, because using another program requires switching windows, which is easily noticed when the proctor is behind the test takers.
6 On the client machines that the test takers will use, a firewall should be set up to prevent any of them from communicating through any program.
7 Teachers should not keep the system data file, exam file and test result file on the test server; they should keep them securely on their own computers or on removable storage devices, because of security and because unexpected things may happen to a server that is shared and used by many people.
8 If this server is used for tests on many subjects, then when one test is finished and its results have been taken, deleting that test's data from the server is good practice.
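
An added example, not part of the original notes or of the test system's own code: a shell function that audits a sudoers file for rules like the one in item 1, where an account may run every command without a password. The sample rules, including the "backup" account and its rsync command, are constructed for illustration.

```shell
#!/bin/sh
# find_blanket_nopasswd FILE...
# Prints "file:line:user" for every rule that lets the user run ALL commands
# under NOPASSWD. Returns 0 if any such rule exists, 1 if none.
# Simplifications: one host list per rule; no escaped commas in command args.
find_blanket_nopasswd() {
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
    {
        line = buf $0; buf = ""
        sub(/^[ \t]+/, "", line)
        # Skip blanks, comments/#include (but keep "#uid" users), settings, aliases.
        if (line == "" || (line ~ /^#/ && line !~ /^#[0-9]+[ \t]/)) next
        if (line ~ /^(@include|Defaults|[A-Za-z]+_Alias)/) next
        eq = index(line, "=")
        if (eq == 0) next
        split(substr(line, 1, eq - 1), lhs, /[ \t]+/)
        rhs = substr(line, eq + 1)
        gsub(/\([^)]*\)/, "", rhs)                 # drop (runas) specs
        n = split(rhs, cmd, ",")
        nopass = 0                                 # tags carry over to later commands
        for (i = 1; i <= n; i++) {
            c = cmd[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            while (match(c, /^[A-Z_]+:[ \t]*/)) {  # peel off NOPASSWD:, PASSWD:, ...
                tag = substr(c, 1, RLENGTH)
                if (tag ~ /^NOPASSWD:/) nopass = 1
                if (tag ~ /^PASSWD:/) nopass = 0
                c = substr(c, RLENGTH + 1)
            }
            if (c == "ALL" && nopass) { print FILENAME ":" FNR ":" lhs[1]; found = 1; break }
        }
    }
    END { exit (found ? 0 : 1) }
    ' "$@"
}

# Constructed sample (not a real system file); only the www-data rule is from item 1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sudoers sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync
EOF
find_blanket_nopasswd "$sample"   # flags line 4 (www-data) only
rm -f "$sample"
```

On a real server, pass /etc/sudoers and the files under /etc/sudoers.d as arguments; reading them normally requires root.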