#12 Security issue with Alt + Mouse Scroll

v1.0 (example)

Safe Exam Can be navigated forward and backward using ALt + mouse scroll.
We use SEB with Moodle. One of the way of using such navigation is to list all needed sites in own user profile description field before exam, and then go to profile (profile link is always visible during quiz), then to any needed site, and then return to exam with alt+scroll.
In 1.5.1 version on widows XP external sites links shows some javascript error, but opens in new window. Such windows can be navigated with alt+tab, making every site accessible even without alt+scroll.

As i think the solution is to disable any access to sites, not listed in seb.ini. Or if it's alredy done, it is done with errors, because sites opens in new windows

Vadim Dvorovenko Vadimon_at_mail.ru


  • Daniel Schneider

    • priority: 5 --> 7
  • Daniel Schneider

    We have to investigate how to stop ALT+mouse scroll navigation in SEB for Windows. SEB for Mac OS X 10.5 has an option to prevent navigating to pages visited before, something similar we also need in the Windows version.

    You are writing "profile link is always visible during quiz". This is wrong, if you use Moodle 1.9.x and in quiz settings Security -> Secure Browser -> Safe Exam Browser, then there is no profile link visible. Unfortunately this Secure Browser mode doesn't work in Moode 2.x. We are trying to get it fixed in the Moodle core again. We have ourselves made a workaround, see the demo quiz at http://moodle.ch/login/index.php (Login/password seb).

    We are planing to implement a URL filter (permitted list) in SEB, see our roadmap at http://www.safeexambrowser.org/about_roadmap_en.html

  • Daniel Schneider

    SEB 2.0.2 has the option "Enable Alt-Mousewheel", default is disabled (see Config Tool -> Hooked Keys).

  • Daniel Schneider

    • status: open --> closed
    • Group: --> v1.0 (example)

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks