In this chapter we learned a lot about the Moodle user model. Major security holes in the logon process were covered, along with ways of closing them. You learned about session hijacking, dictionary attack, and ways of fighting against them. We mentioned the most commonly used types of authentication. A clear and exact procedure of configuring and securing those plugins was presented. The final outcome of all this is a much more secure logon/authentication procedure.

There is still a long road ahead of us. We protected the entrance door to your fortress but now we need to focus on internal security. Next stop—Roles and Permissions.