Configurations made on Moodle GUI doesn't include signature?

[Hyrla]

Hello,

I am trying to improve our usage of Safe Exam Browser on our Moodle. May be I misconfigured something but it looks like any student can edit freely any exam configuration file because there is no signature inside the config. This makes SEB totally useless for us :(

Is there something we missed in the Moodle configuration?

Here is our setup:

• Moodle 4.5.5+ (Build: 20250718)
• Safe Exam Browser plugin (quizaccess_seb) version 2024100701
• BYOD clients, both Windows and macOS

[danschlet]

It doesn't sound like you're using SEB Server, you just use the Safe Exam Browser integration in Moodle?

When you're using the options in the Safe Exam Browser section in Moodle quiz settings "Yes - configure manually" or "Yes - upload your own config", then Moodle will compare the settings every SEB client is using with the ones you configured for the quiz. If the client uses modified settings, they won't get access to the quiz. This is a quite secure server-side check for the configuration used by SEB clients. It doesn't check the integrity of the SEB clients though. If you want to catch modified SEB versions, you would need to use the Browser Exam Key (for that you would need to download the config for the quiz from the Moodle quiz start page, load it into the SEB Configuration Tool or in-app Settings in each supported SEB client version and then copy-paste the hash string of the Browser Exam Key into the Browser Keys field in Moodle's quiz settings.

What you're calling "signature" is actually a password (or certificate) encryption of the SEB config. As that is only tested client-side, it is not as secure as it might seem (as soon as you communicate the exam settings password, the config can be decrypted and modified). Way more important is always a sever-side check.

[Hyrla]

Hello @danschlet and thank you for your reply. Indeed, I use SEB integration in Moodle, where was I supposed to post my issue?

About the manual configuration in Moodle (by doing "Yes - upload your own config"), is doing so will force the students to have a specific SEB version with a specific operating system? (this was what I thought). May be I am misunderstanding the different security mechanisms ?

Manual configuration in Moodle (made by using "Yes - configure manually") is not enforcing the SEB settings. I am able to edit the .seb file downloaded from Moodle and edit every field I want and still attempt the quizz as normal. This is my issue...

[danschlet]

We are not responsible for the Moodle - SEB integration. Its documentation can be found here.

If you have Moodle-specific questions, the Moodle forums at moodle.org are the right spot.

Regarding version restriction: That's not really supported by Moodle. SEB for Windows supports client-side settings for allowed versions, you would need to configure those in the SEB Configuration Tool and upload it to the Moodle quiz. SEB for macOS/iOS currently don't support such restrictions (we don't have enough development resources and have to prioritize).

You can though use the Browser Exam Key, which needs to be copy-pasted for each supported SEB version (number and platform) from the SEB Configuration Tool (Windows) / in-app SEB Settings (macOS/iOS) to the allowed Browser Keys field in a Moodle quiz. Then Moodle also checks for the integrity and version of SEB clients.

To our knowledge, manual configuration in Moodle should correctly restrict access to the quiz. Are you aware that you have to use the Student Role, if you're using the Teacher Role, access is not restricted! If it's still not working, then it would be a bug in Moodle, then create a bug report at moodle.org.