A Secure Web-Based Learning Management System Using Open

advertisement
A Secure Web-Based Learning Management
System Using Open Source Platform
K. M. Quamrul Ahsan, Q M Moinul Ahsan, M Abdus Sobhan
School of Engineering and Computer Science (SECS)
Independent University of Bangladesh, Dhaka, Bangladesh
E-mail: ahsankmquamrul@yahoo.com, moinulahsan2000@hotmail.com,
sobhan30@gmail.com
Digital and demographic factors discriminate the
users seeking health information online [2].
However, these distinctions could be blurred with
the impending emergence of online healthcare
solution through learning management system. This
provides the ample scope for change. With users
regularly turning on the web for health information
and the possibility of online health learning
management system, we are going to see a major
transformation in how people manage their health
[3].
Abstract— A Learning Management System is
aimed at managing an e-learning environment,
establishing the organization and delivery of content,
administrating resources and tracking learning
activities and results. LMS that are in use today are
either commercial products (e.g. WebCT, Blackboard)
or free open source products (e.g. moodle, claroline) or
customized software systems that serve the instructional
purposes of particular organizations. In this paper, it is
focused on Education sector in the concept of Digital
Bangladesh with a prototype course on Acupressure
where one can learn, teach, use as virtual class, give
quiz along with results and get certification after a
specific course completion.
Networked technology has and will continue
to have a profound impact on education around
the globe. It holds significant potential in
advancing the interactivity between learners and
Authors, in offering flexibility for the means of
learning, and in providing easy, one-stop
maintenance and reusability of resources
However, the educational community has much to
learn regarding how and in which ways technology
can enhance the instructional process. While there
is a large amount of related literature devoted to
research on the impact of technology in education,
there is much that we don’t know about its
effectiveness.
Keywords— Learning Management System, LMS,
Content management System, CMS, Moodle,
Acupressure, E-Learning, Distant learning, Open
Source, Secure LMS.
I. INTRODUCTION
Learning Management Systems (LMS) are
specialized Learning Technology Systems (LTS)
based on the state-of-the-art Internet and WWW
technologies in order to provide education and
training following the open and distance learning
paradigm. Moore and Carlson, argue that the design
and implementation of such systems is not an easy
task, since they are complex systems that
incorporate
a
variety
of
organizational,
administrative, instructional and technological
components.
The
new
and
innovative
technology
infrastructure in the area of education are
Learning
Management
Systems
(LMSs),
hypermedia environments that provide an
integrated platform for online learning by
enabling the management, delivery and tracking
of mixed learning (i.e., online and traditional
classroom). LMSs have been widely used for
educational and training purposes not only
because they have been advertised as the state of
the art learning technology, but also because they:
Medication information is an important
component of the care process. It is not always
available in the correct content and format when
and where needed. Health information on the World
Wide Web has surged ahead in recent years.
Though the availability of this information and its
use has affected certain aspects of healthcare
delivery [1], this wealth of information has not been
fully exploited.
• Alleviate the constraints of time and place of
learning,
• Provide an excellent degree of flexibility
concerning the way of learning,
92
National Conference on Communication and Information Security (NCCIS 2012)
Daffodil International University, Dhaka, Bangladesh, 31 March 2012.
• Support advanced interactivity between tutors
and learners, and
4) Quiz Content:
Quiz is needed in every class since it is a
practical oriented learning. Quiz will help the
learner to get the better picture and practice in the
learning process. It is also needed to create a
question bank so that in every quiz there will be
different and randomized question for better
learning.
• Grant one-stop maintenance and reusability
of resources.
Some of the keywords related to our project are
‘web based LMS’, ‘E-learning management
system’,
‘Learning
management
system’,
‘Acupressure learning’, ‘Acupressure Training’
and many more advanced search option to get the
best possible profound relevance of the project. We
searched these using Google search engine, toggle
search engine, yahoo search engine and found
online web based learning management system on
acupressure host in some websites. These websites
provide paid services to its users and limited
services for registered (non-paid) users.
5) Certification:
On completion of all quizzes, a final exam of
multiple formatted question test is conducted with a
duration of thirty minutes. Each student/learner can
print/generate portable document file (pdf)
certificate with their name and date on it. This has
to provide for self-gratification and future reference.
B. Users
The focus of the LMS is placed in providing
teachers and students with the necessary IT tools
for accessing the educational material and
communicating with each other. The LMS is
considering more users rather than only teachers
and students. In each role, use case model is shown
to summarize the external interactions between use
cases and actors. User of the system will be able
to perform the following basic functions:
II. PROTOTYPE MODELING PLAN
From the project break down structure and
schedule, it is decided to analyze the relevant
learning management system for the Acupressure
therapy.
A.
Course Content
1) Brief description of Acupressure:
1) Student
To get the complete healthcare treatment we
need to know these:
It represents a role of a person who uses
learning resources to gain knowledge or skills.
The LMS is intended to provide students with
learning materials and make them communicate
with other users (student or teacher) by email, chat or internal email. Each student may
participate in more than one course and can access
the course materials. A student will perform the
following specific functions in the system:
•
View and/or download learning materials
•
View and/or download assessment
questions
•
Provide answers to self-test questions
•
View self-test performance report
i.
Physical ailment(Acupressure, Diet, Food
Habit)
ii.
Mental ailment (Thought process and
Perception )
iii.
Spiritual ailment( Five Element theory and
Opening the Chakras)
2) Lecture in Document Files:
There are three types of courses offered, namely
all of the text content are more or less with the same
topic with different lengths. The course outline for
the learners to assess how much will be the learning
in detailed version. For each of the lecture, equal
portion of total lecture content is provided word
document, power point presentation and portable
data file (pdf). Each of the lectures is evaluated by a
15 minute quiz.
2) Teacher
Teachers are registered to use the LMS by the
System administrator. Some competent teachers
will provide learning materials as per their area of
specialization. Then these learning materials will
be uploaded into the learning material repository
centrally by the content administrator. In this view,
teachers will make use of the system just like
students to access learning materials, though they
will be having extra privileges like accessing
reference answers if available to the given
3) Video Content:
To teach people with practical implementation of
the acupressure points to get better understanding in
web based learning management system, video
presentation are required for clear understanding of
pressure point location, stress and after effects.
93
chapter and topic exercises. A teacher will
perform the following specific functions in the
system given below:
View and/or download learning materials
View and/or download assessment questions
View and/or download reference answers for
all exercises
View student’s log-in history
View student’s interaction with learning
materials history
View student’s interaction with assessment
activities history
1) Use Moodle for learning management system.
Tried to install in the system with complete
package which is Moodle 1.9.8+. This package
comes with xampplite-win32-1.7., Apache,
MySQL and PHP. After testing at
www.keytoschool.com, It is decided to choose
the free hosting with 2.5 GB of space along
with the domain as the link of that host.
2) For content, it is used the 3rd party file sharing
system application like Google- docs, Mozy
(www.mozy.com).
3) For video, it is used 3rd party API video sharing
at most popular YouTube (www.youtube.com).
3) System Administrator
System administrator is the overall in-charge of
the LMS. System administrator has complete
access to the LMS database, and monitors the use
of it. He/she manages system resources like user
accounts and assigns privileges. A system
administrator adds new system functions and
improves the existing ones. A system administrator
will perform the following specific functions in the
system.
4)
Used cake PHP framework for server end.
Object oriented approach could have been more
predictable, reusable and less time consuming
if we had sufficient expertise and we could
have surely done better by using use case
driven
requirements
specification
and
designing.
Moreover, due to cutting cost and time
optimization, it has been decided to go for free
hosting which was discussed earlier. Since the main
objective is to create a platform where one can have
the learning environment and to convey the
miraculous solution for humankind through acuhealthcare system.
4) Guest User
The guest user represents any user who is not
registered in the system. This category is
essentially for motivation purposes. Guest user
will not have the rights/privileges like registered
user. The usage of the system will be limited.
He/she will be allowed to view a list of courses
available in the system, table of contents, syllabus,
objectives of the courses if any is available and
any other information relevant to the public.
III.
IMPLEMENTATION
A. Introduction
There are a lot of results in the field of software
engineering concerning the question on how to
represent systems and how to build a base for
communication between the developer and the
user of a software system . In order to manage the
return investment in ICT for education, here
referred to learning management system (LMS), it
is essential that the benefits, risks and cost
effectiveness of using new technology and new
media are well understood in the context of
application. An effective approach is to involve
users in establishing the expected use of ICT and
the benefit of it in education.
C. Choice of Platform
Through making a compare and analysis of
the most popular seven open-source Learning
Management system Platforms, the features of
these systems are summarize from six different
aspects which are logistic managements,
educational resource managements, curriculum
managements, cooperative managements, value
managements and assistant tools. The idiographic
project of choosing these systems is also evaluated,
especially for the concrete goal and environment,
such as more attention on course management and
value managements. At the end of paper, there is a
sum-up of these systems, which suggest the shortcomings of these systems, such as the lack of
diagnostic assessment, the simplex of Knowledgeoriented, and the deletion of personalized functions.
B. Description of Module
The learning management system (LMS) is a
client server; Web based system with three-tier
architecture [4]. The system will consist of three
major components: the MySQL database server
that stores all the information and data needed
including the means to link to the learning content
repository, the apache application server that
control the communication (basic system
Following are the summary of approaches for
underlying reasons:
94
National Conference on Communication and Information Security (NCCIS 2012)
Daffodil International University, Dhaka, Bangladesh, 31 March 2012.
database, querying and updating it where
required. Database server will also maintain data
constraints and integrity and the restriction of
unauthorized access. Multiple data interfaces,
views, reports and the provision of backup and
recovery will also be implemented.
functionalities) and the client that is used by
users in order to access data from the server
(Web interface accessible via standard Web
browsers). These three components will be
networked to facilitate communication among
them. Three-tier architecture has the following
specific advantages
Application server, database server and
learning material repository will be centrally
placed at a Laptop. Distributed users will be able to
browse learning materials using any standard Web
browsers through application server. At Key-toSchool, they use their experience of Moodle hosting
of large sites to build a rewarding E-learning
experience for students. They keep the OS and
application infrastructure layer fine-tuned for
Moodle at all times to allow good performance and
allowing you to use maximum features of Moodle.
They ensure that their server runs the most stable
and secure versions of Apache, PHP, MySQL and
other backend software to keep our installation
future-proof while offering maximum flexibility in
case you need to upgrade our installation. Moodle
2.0 will require minimum PHP 5.2, which their
servers already run.
•
It is easy to modify or replace any tier
without affecting the other tiers
•
Separating application and
functionality means better load balancing
database
•
Adequate security policies can be
enforced with the server tier without hindering the
clients. The architecture will consist of the
following:
1) The Client Tier:
Also known as the user interface layer will
run the end-user’s computer. The client provides
the user interface for the Web-based application. It
is a front-end layer. Using a computer, the user
will access database through the Web server. The
access to the computer will be possible by using
created Web pages through any standard Web
browser
which
support
HTML,XHTML,
JavaScript, and cascading style system (CSS) Web
technologies.
C. Course Integration
Integrated 3 different lengths of courses on
Acupressure, they are:
1) Long Course
2 ) The A pplication Tier:
Will be responsible for interacting with the
client in one side and the databases (database
server and content repository) in another
side. Application tier receives and processes
data requests from the client, retrieves
information (data) from database if any needed,
generates a client response and store necessary
data into the database. Application tier provide
Web services and the data streaming services.
Apache Web server to be used will be
running in LINUX platform. A server side
scripting language to be used is PHP and it will
be used to connect to the back-end (database).
3) The Database Tier:
This is the detailed describes course on
acupressure as the physical ailment, perception and
thought process as the mental ailment and 7 chakra
opening, 12 meridian and meditation as the spiritual
ailment. There is total of eight classes. Each class is
followed by a 15 minutes quiz. Student can attempt
only twice with each of the quizzes. First three
classes are to give only the acupressure points and
their common symptoms and remedy to earn their
proper attention towards the other two more
important phases. From fourth class, the
acupressure points description along with
interesting facts on perception and thought
processes.
It is the place where data will be stored. The
database server maintains the data needed for the
Web application. It is a back-end layer. It will store
data (including links to learning content
repository) and control the basic system
functionality. This tier may run on a separate
server called the database server. MySQL
database running in Windows platform is used in
this case. Database server is responsible for
providing a number of functionalities to the
application layer (server), like; creation of the
Furthermore, it has included the ultimate remedy
for both physical and mental ailment, 7 Chakra
opening and Meditation technique from beginners
to advance level. On the last class, a final quiz to be
certified as acupressure therapist. Final quiz will
have total of 60 questions with 30 minutes of
timeline. Question format will be discussed on the
quiz integration in the later section.
2) Short Course
This course has a total of four lectures and four
95
quizzes. I have given emphasize on the Acupressure
techniques. Brief content is given on mental and
spiritual ailment.
3) Crash Course
E. Server Setup
System implementation has been completed after
finishing the integrating phase. As part of the
implementation the following are reported. Hosting
the learning management system in an intranet
server with domain named www.acuhealthbd.com.
In the prototype, it has fashioned multiple
administrator accounts, guest and respondent
accounts, crafted quizzes, course outlines, different
types of courses such as long, short and crash, built
content for the best possible learning and training
environment.
This is the shortest course amongst all. There are
only two lectures and two quizzes. Mainly, I have
given the elaborate thirty-eight Acupressure points.
D. Quiz Integration
Since Moodle has the unique features of various
types of question formats. This prototype has used
almost all types of question format except the short
answer formats. Here is the list of question formats:
1) Aiken format: This is the .txt format multiple
choice question uploaded by the teacher.
2) Drag and Drop Question: This is a very
interactive quiz format where you have to drag
the right answer to the right question.
3) Text button multiple choice: to get the right
answer from the multiple choice answer
4) True false: click the true or false button to
choose the right answer.
5) Drag and Drop matching: To match the rights
answer in ordered format.
6) Ordering: to order the given points in
ascending order.
The LMS was installed by installing apache,
MySQL and phpMyAdmin by using open source
web server installer “xampplite-win32-1.7.1”. A
database named “server” was created and a user and
administrator were created to provide access to this
database, by using the SQL code running section of
phpMyAdmin, the administration panel of MySQL
database. These are all done by the hosting site at
key-to-school.
F. Interface Views
The interface views are categorizes in 3 levels
are given below:
Module View
Fig. 1 System login interface
1)
Administrators View
96
National Conference on Communication and Information Security (NCCIS 2012)
Daffodil International University, Dhaka, Bangladesh, 31 March 2012.
Fig 2 Administrators activity module interface
IV.
SECURITY
There are a few security issues have been
detected and most of them are patched accordingly.
Whatever is encrypted can be decrypted but which
are hashed cannot be decrypted. Passwords are
stored in Moodle in an encrypted form, called an
‘md5 hash’[5]. Password salting is a way of making
passwords more secure by adding a random string
of characters to passwords before their md5 hash is
calculated, which makes them harder to reverse (the
longer the random string, the harder you make it).
There was another issue about hidden spam links
but moodle 1.9.8 fixed that bug.
Recommendation for Enhanced Security:
•
Update Moodle regularly on each release.
97
•
Published security holes draw crackers
attention after release. The older the version,
the more vulnerabilities it is likely to contain.
•
Register globals MUST be disabled! This
will help prevent against possible XSS
problems in third-party scripts.
•
Use strong passwords
teachers.
•
Choosing "difficult" passwords is a basic
security practice to protect against "brute
force" cracking of accounts.
•
Only give teacher accounts to trusted users.
Avoid creating public sandboxes with free
teacher accounts on production servers.
for
admin and
•
Teacher accounts have much freer permissions
and it is easier to create situations where data
can be abused or stolen.
•
Separate the systems as much as possible.
•
Another basic security technique is to use
different passwords on different systems, use
different machines for different services and so
on. This will prevent damage being widespread
even if one account or one server is
compromised.
•
Security experts recommend a dual firewall
differing hardware/software combination.
•
Disabling unused services is often as effective
as a firewall.
•
Use netstat –a to review open network ports.
•
Allow ports
Digital Bangladesh, we definitely need to improve
our education sector with the international standard
and this prototype can be a step to achieve the goal.
VI. SCOPE FOR FUTURE WORK
Learning
Management
System
(LMS)
technology is currently widely deployed across
Countries. However, the full benefits of this
technology are yet to be realized.
This could have done more beautiful and
effective if we could give more qualitative time in
it. The following can be done for further work
80, 443(ssl), and 9111 (for chat),
•
Can be implemented at any school for online
Exam, Quiz, Assignment submission, Parent
counseling, teacher evaluation and many more.
•
The videos can made more attractive and clear
if we can record it in professional studio or
with professional touch.
•
Lighting and script can be written more
specific.
•
Quiz question bank can be made by putting
tons of effective and interactive questions.
Remote admin: ssh 22, or rdp 3389
•
Have backups ready.
•
Practice recovery procedures ahead of time.
•
•
Make provision for short questions.
Use a rootkit detectory on a regular basis
•
•
Linux/MacOSX - http://www.chkrootkit.org/
Can make customized banner for header and
footer
•
Windows for help
http://www.sysinternals.com/Utilities/RootkitR
evealer.html
•
Can make the system as a paid system through
PayPal.
•
Send text automatically for any update and
notifications.
•
More secured database and compatibility with
web 2.0.
V. SUMMERY
Open source Learning Management System
platforms have played a vital role in the teaching
on the Internet, though there are still many
insufficient. The development of open source
Learning Management System platforms is a
continually explore and improve process, and we
trust that with the improvement of the theoretical
and the development of technology, it will bring us
more surprises.
REFERENCES
[1]
[2]
In the Project, the joining of acuhealth with
LMS platform makes the miraculous health care
treatment to the next step. It is highly applicable to
all persons at all ages and it can be given to any
School with Education content for better Teacher,
Student, and parent interaction. In the paper, the
prototype is made only to show how the system can
reach to remote areas and people. The content
management system adds a tremendous value to the
site for better learning. If we really want to form a
[3]
[4]
[5]
98
M. McMullan, “Patients using the Internet to obtain
health information: How this affects the patienthealth professional relationship”, Patient Education
and Counseling, vol. 63, nos. 1-2, pp. 24-28, Oct.
2006.
R. E. Rice, “Influences, usage, and outcomes of
Internet health information searching: Multivariate
results from the Pew surveys”, Int. J. Med. Inform.,
vol. 75, no. 1, pp. 8-28, Jan. 2006.
R. Nelson, “The personal health record”, Am. J.
Nurs., vol. 107, no. 9, pp. 27-28, Sep. 2007.
K. Chen and D. X. Teng, “The Exploration of
Network Platform Based on Open Source LCMS,”
XuZhou Institute of Technology, vol. 4, pp.18–20,
April 2007.
http://docs.moodle.org/22/en/Password_salting
Download