Skip to content

Security

The security requirements may vary depending on the institution. In the system-wide security settings you can therefore set the required level of security, taking into account the risks involved.

Configuration tab

login_security_tab_config_v1_de.png

Force file download to folder: Select this security function to always download files in the folder component and never open them directly in the browser. This prevents any cross-site scripting (XSS) attacks. If this function is activated, HTML pages stored in folders are also downloaded as files and no longer opened directly in the browser. The course element “HTML page” is not affected by this mechanism.

Prevent frame embedding: Select this security function to prevent OpenOlat from loading in a frame or iFrame. This prevents any cross-frame scripting attacks (XFS). If this function is activated, you cannot embed OpenOlat in an existing website using frames.

To the top of the page ^

Tab Content security policy log

login_security_tab_csp-log_v1_de.png

To the top of the page ^

Tab Media Server

The media servers released for OpenOlat can be defined here.

login_security_tab_mediaserver_v1_de.png

To the top of the page ^