A Comparative Study of MOODLE with other e-Learning Systems
Sheo Kumar #1, Anil Kumar Gankotiya#2
Dept. of Computer Science and Engineering
Raj Kumar Goel Institute of Technology for Women
Ghaziabad, India
sheokmr@gmail.com, anilgankotiya@ieee.org
Abstract E-learning provides the opportunity for student to
interact electronically with each other as well as with their
teachers. This interaction can be via e-mail or on discussion
board or in chat rooms. Though recognizing that the world at
large will persist to use language and terminology in different
ways, so the term of virtual learning environments (VLE) is
used to refer the on-line interactions for a variety of kinds that
take place between students and teachers. There are many
software systems available that provide VLE systems. This
software is in both forms, commercial and open source
software (OSS). Moodle is one of the systems that have been
increasingly gaining worldwide popularity in e-learning system.
This paper is focused on the Moodle Architecture and
comparative study of Moodle, thus we discusses comparisons
between different virtual learning management systems and
presents some authentication plug-in that Moodle supports.
The open source learning management, LMS Moodle has
been adopted by many people and organizations around the
world because it offers a tightly integrated set of tools said to
be designed from a social constructive perspective. Moodle has
been developed under the general public license and many of
its components were developed without a specific design
documentation including its security services.
Keywords: Moodle, Moodle Architecture, Virtual Learning
Environment, Open Source Software, Authentication plug-ins .
I. INTRODUCTION
It is usually accepted that there are two major knowledge
sharing system, the traditional system and the information
and communication technologies (ICTs) based system. One
of the knowledge sharing system that emerged from the use
of ICTs is the electronic learning. E-Learning is a
technology based learning in which learning materials are
delivered electronically to remote learner via computer
network. E-Learning may cover a large set of application,
system and process, such as e-Learning System, Web Based
learning and computer based learning. Basically ICT can be
used along with traditional face to face education. But its
use can also create mixed mode or even full online mode.
The primary learning management system or better
computer assisted instruction system was introduced in 1960
by university of Illinois and was called Plato[1]
(Programmed Logic for Automated Teaching Operation).
This system pioneered LMS key concept such as online
forums and message boards, online testing, email, chat
rooms, picture languages, instant messaging, remote screen
___________________________________
978-1-4244 -8679-3/11/$26.00 2011 IEEE
414
Dr. (Mrs.) Kamlesh Dutta#3
Dept. of Computer Science and Engineering
National Institute of Technology
Hamirpur, India
kdnith@gmail.com
sharing and multiplayer online games. After this pioneer
which was turned off in 2006, hundreds of similar systems
were introduced. Major milestone happened in 1997 when
WebCT 1.0 released and Blackboard was founded because
these two LMSs attracted millions of users. These days,
there are more than 150 different systems providing e-
learning services. But after WebCT and Blackboard second
milestone was LMS Moodle. This was introduced in 1998
and finally released in 2001. Moodle as Modular Object-
Oriented Dynamic Learning Environment soon imposed
itself as best solution and is becoming one of the most
common used learning management system. Data obtained
from official Moodle statics sites confirms the mentioned
fact. Moodle has an ability of tracking the learners progress,
which can be monitored by both teachers and learners. This
fact implicitly includes both security and privacy threats and
makes Moodle vulnerable system.
Moodle (Modular Object-Oriented Dynamic Learning
Environment) is known as a Course Management System
(CMS). Sometimes we also known as Learning
Management Systems (LMS) or Virtual Learning
Environment (VLE)) that provides educators tools to create
a course web site. It is used all over the world (193 countries)
by more of 400,000 registered users. Moodle is an open
source software e-learning platform. Moodle web page
provides developer information, roadmap, coding guide and
Concurrent Versioning System (CVS) guide to access its
source code and it has a long list of developers. It does not
provide a formal model for future development.
This paper is focused on the comparative study of Moodle,
therefore it discusses comparisons between different virtual
learning management systems, and presents some
Authentication plug-in that Moodle supports.
II. MOODLE ARCHITECTURE
This section will discuss Moodle architecture in order to
indicate weak and will focus worth points which could be
possible threats and vulnerabilities. Covering many
collaborative and learning fields, Moodle is composed from
independent modules; plug-ins. In order to ensure better
understanding of a whole Moodle architecture, these
modules will be presented in groups according to their
purpose or use. From this perspective, there are six groups
of modules are [2]-
A. Communication modules
B. Productivity modules
C. Student involvement modules
D. Administration modules
E. Course delivery modules
F. Curriculum design modules
A. Communication Module
These modules are backbones of all intra and extra
communication features. These modules include file
exchange, internal and external email discussion forums,
and real time chat. Among other possibilities, while using
discussion forums, users can include in their post, images
and direct URLs and different attachments. This feature, as
well as file exchange feature which allows assignment
submission, should be taken into consideration and observed
as possible week point for a few threats. Due to possible
insecure communication intruder could come into
possession of any data that is sent in any private
communication channel. Furthermore, insecure direct object
reference could allow intruder to come into possession of
any document he is not authorized for.
B. Productivity Modules
These modules include search module, calendar module,
help module, progress and review modules. While these
modules seem not to be threats, one issue must to be
annotated. Information leakage has to be firmly banned,
because otherwise anyone can see important data, or search
results he is not authorized for. For example student could
see (accidentally or with purpose) grades of his colleagues.
Besides this insecure direct object reference, information
leakage could also cause problems.
C. Student Involvement Module
Student involvement module includes workshop module
and group work module, along with student portfolio
module and self-assessment. After performing any earlier
mentioned illegal action intruder could either come into
possession of others data or change student or group-
relevant data on server. In addition, any system side threat
should also be carefully taken care of.
D. Administration Modules
Administration module must probably be most carefully
considered and paid attention to, because gaining access into
these modules results in having access in all other modules.
The well known authentication, course and user
authorization, registration integration and any other hosted
services module goes into this group. The authentication
modules allow Moodle to use POP3, NNTP, LDAP, IMAP
415
and other databases as sources for user information.
Discovering and fixing all security-related bugs in these
modules becomes crucial in any LMS development.
Intruders mostly attack modules in this group, often using
any known method and vulnerability. All encountered
threats should be taken into consideration in implementation
of authentication and other related modules.
E. Course Delivery Module
Course delivery modules are usually only authorized by
administrators and teacher for use and are probably second
most vulnerable group of modules. Representative modules
in this group are helpdesk module, online grading tools,
course management module, students tracking module and
finally automated and testing modules. Beside Omni-present
authentication attack threats, discussing course delivery
modules, we will focus on integrity attacks while these have
the purpose of unauthorized data change. Course
management module and online grading module should be
considered to be security safe on possible integrity attacks in
particular.
F. Curriculum Design Modules
This is finally last group of modules, used in curriculum
creation. Customization modules and course templates are
main representatives. As last group of modules presented,
they also have least negative impact as result of possible
attacks. Data changes reflect on curriculum design are easily
recognized and attackers usually do not have any particular
interest in compromising these modules, while they work is
usually acknowledged as more or less damaging or malign
joke.
III. COMPARATIVE STUDY BASED ON FEATURES
AND CAPABILITIES OF LMSS
Learning Management Systems have many features and
abilities expected from e-learning, forums, content
management, quizzes with different kinds of questions, and
a number of activity modules [3]. Table I below shows, the
comparison has two answers, Y or N, Y means the product
has the feature and N means the product does not. LMSs, as
e-learning systems, have many features and capabilities but
in order to make simpler and simplify the comparison, Ajlan
and Zedan [4] have divided these features and capabilities
into three parts, which are Learner Tools, Support Tools and
Technical Tools, as in Tables II, III and IV.
A. Learners Tools
These tools hold three kinds of tools, which are
Communication Tools, Productivity Tools and Student
Involvement Tools. Each kind of Learner Tool contains
various features [5] and capabilities, and each product has
some of them, as in Table 1.
 TABLE I. COMPARISION BETWEEN THE SOME LMS
PRODUCT BASED ON LEARNER TOOLS
As we can see in Table I, the comparison between the
VLE products is based on Learner Tools. Four products are
shown to be the best with almost the maximum number of
features - 15 out of 16 features or capabilities of Learner
Tools. These products are Moodle, Desire2Learn, ANGEL
Learning Management Suite, and Sakai. The Claroline 1.6
product has the minimum features and capabilities of
Learner Tools, missing 5 out of 16 features and capabilities.
KEWL, eCollege and The Blackboard Learning System
platforms have missed 2 out of 16. Moodle is the best with
three products missing only one feature. Overall the best
OSSs are Moodle and Sakai respectively, which missed 1
out of 16 Learner Tools.
B. Support Tools
TABLE II. COMPARASION BETWEEN SOME LMSS BASED ON
SUPPORT TOOLS
416
These phases contain three kinds of tools, which are
Administration Tools, Course Delivery Tools, and Content
Development Tools; all kinds of Support Tools have
features and capabilities, as in table II.
We can see in Table II, the comparison between the VLE
products is based on Support Tools. In this phase, all
products have all features and capabilities except eCollege,
Dokeos 2.1.1 and The Blackboard Learning System (V.7).
This means that Moodle and the other remaining products
are strong on Support Tools.
C. Technical Specification Tools
These tools hold two kinds of tools, which are
Hardware/Software tools and Pricing/Licensing [6]. All
kinds of Support Tools have some features and capabilities,
as in table III The Costs feature is different from other
features because if the product has no cost, it means that
product has an advantage and we calculate it as Yes (Y). For
example, in table III Moodle has two N and we calculated N
of cost as Y, so in the final score Moodle has missed just
one feature.
TABLE III. COMPARASION BETWEEN SOME LMSS BASED ON
TECHNICAL SPECIFICATION TOOLS
We can see in Table III, the comparison is based on
Technical Specifications Tools. In this phase, the best
products are Moodle 1.8, Sakai 2.3.1 and OLAT, which
have missed only 1 out of 8 Technical Specifications Tools,
and then Desire2Learn 8.1, The Blackboard Learning
System and Dokeos 2.1.1, which missed 2 out of 8. The
weakest products are KEWL and Claroline 1.6, which
missed 4 out of 8 Technical Specifications Tools.
TABLE IV. COMPARASION BASED ON TECHNICAL ASPECT
OF THE LMSS
Table IV shows that Atutor, while strong in features and
usability, has serious architectural Limitations and, although
some features in Atutor warrant further investigation, it may
be that candidates will option for Moodle. Moodle has a
good architecture, implementation, inter-operability, and
internationalization, and also has the strength of the
community. It is free and its Accessibility is average. On the
other hand, it has limitations, notably lack of SCORM
support, and its roles and permissions system is limited.
However, these limitations can be fixed, and are part of the
project roadmap [5].
D. Comparative Study Based on the Technical Aspect of
the LMS Plateform
The comparison between the systems is based on
technical categories [4]. All LMS systems will be compared
with the Moodle system as part of our study. Some of the
technical aspects of e-learning are shown in table IV. It
displays a comparison between Moodle and two VLE
systems. Moodle has a good architecture, implementation,
inter-operability, and internationalization, and also has the
strength of the community. It is free and its accessibility is
average. On the other hand, it has limitations, notably lack
of SCORM support, and its roles and permissions system is
limited. However, these limitations can be fixed, and are
part of the project roadmap.
IV. MOODLE MANAGES DIFFERENT
AUTHENTICATION PLUG-INS
In this section we present different plug-ins that manages
authentication for Moodle. All authentication plug-ins that
Moodle support are briefly discuss below [5]-
A. Email Based Self Ragistration
Email confirmation is the default authentication method.
When the user signs up, choosing their own new username
and password, a confirmation email is sent to the user's
email address [5]. This email contains a secure link to a
page where the user can confirm their account. Future logins
just check the username and password against the stored
values in the Moodle database.
B. Central Authentication Service
CAS [7] is a single sign-on protocol for the web. Its
purpose is to permit a user to access multiple applications
while providing their credentials only once. It also allows
web applications to authenticate users without gaining
access to a user's security credentials, such as a password.
The CAS protocol involves at least three parties- a client
web browser, the web application requesting authentication,
and the CAS server. It may also involve a back-end service,
such as a database server, that does not have its own HTTP
interface but communicates with a web application.
417
C. Remote Authentication Dial In User Service(RADIUS)
RADIUS [8] is a networking protocol that provides
centralized Authentication, Authorization, and Accounting
(AAA) management for computers to connect and use a
network service. RADIUS is a client/server protocol that
runs in the application layer, using UDP as transport. The
the Virtual Private Network server, Remote Access Server,
the Network Access Server, and the Network switch with
port-based authentication, are all gateways that control
access to the network, and all have a RADIUS client
component that communicates with the RADIUS server.
The RADIUS server is usually a background process
running on a UNIX or Windows NT machine. RADIUS
serves three functions.
To authenticate users or devices before granting
them access to a network,
To authorize those users or devices for certain
network services and
To account for usage of those services.
D. Internet Message Access Protocol
IMAP [9] is an Application Layer Internet protocol that
allows an e-mail client to access e-mail on a remote mail
server. IMAP supports both on-line and off-line modes of
operation. E-mail clients using IMAP generally leave
messages on the server until the user explicitly deletes them.
This and other characteristics of IMAP operation allow
multiple clients to manage the same mailbox. Most e-mail
clients support IMAP in addition to POP to retrieve
messages. However, fewer email services support IMAP.
IMAP offers access to the mail store. Clients may store local
copies of the messages, but these are considered to be a
temporary cache.
E. Post Office Protocol(POP)
POP3 [10] Pull Service (PPS) is a plug-in for Email
Architect Email Server. Its main function is to retrieve
emails from specified email accounts of other POP3 servers
and forward those emails to specified local users of Email
Architect Email Server.
F. Lightweight Direvtory Access protocol(LDAP)
LDAP [11] is a protocol defining a directory service and
access to that service. LDAP is based on a client-server
model. LDAP servers provide the directory service, and
LDAP clients use the directory service to access entries and
attributes. The LDAP protocol also defines a simple method
for authentication. LDAP servers can be set up to restrict
permissions to the directory. Before an LDAP client can
perform an operation on an LDAP server, the client must
authenticate itself to the server by supplying a distinguished
name and password. If the user identified by the
distinguished name does not have permission to perform the
operation, the server does not execute the operation.
G. Shibboleth
The Shibboleth [12] System is a standard based, open
source software package for web single sign-on across or
within organizational boundaries. It allows sites to make
informed authorization decisions for individual access of
protected online resources in a privacy-preserving manner.
H. Network News Transfer Protocol(NNTP)
NNTP [13] has the effect of broadcasting every message
to every site, in contrast to email protocols which send
messages to specific sites, and HTTP, which only transfers
the information on demand by the reader. An NNTP server
is set up by its system manager to know about some (at least
one) nearby servers. With these servers, there is an
arrangement that they will pass news to each other.
Sometimes this arrangement is limited to certain news
groups. Articles can be passed in both directions, and the
servers compare article message-id headers to see whether
they have any new news for each other.
I. External Database
We use an external database [5] to control your
enrolments. It is assumed your external database contains a
field containing a course ID, a field containing a user ID,
and optionally a field containing a role. These are compared
against fields that you choose in the local course, user tables,
and role tables.
J. FirstClass
First Class [14] is a client/server groupware, email,
online conferencing, voice/fax services, and bulletin-board
system for Windows, Macintosh, and Linux. First Classs
primary markets are the higher-education and K-12
education sectors, including four of the top ten largest
school districts in the United States.
K. Pluggable Authentication Modules(PAM)
PAM [15] is a mechanism to integrate multiple low-level
authentication schemes into a high-level application
programming interface (API). It allows programs that rely
on authentication to be written independent of the
underlying authentication scheme.
418
V. CONCLUSION AND FUTURE WORK
Moodle is a kind of e-learning system and it is now
widely used all over the world by companies, independent
educators, schools, institutes, universities, and home
schooling parents. It has great potential for creating a
successful e-learning experience by providing an abundance
of excellent tools that can be used to enhance conventional
classroom instruction in any e-learning system. This paper
has made a comparative study between Moodle and other e-
learning systems, and this was based on two kinds of
comparison. The first phase was based on the Architecture
of Moodle and other e-learning system, and the second
phase was based on the technical aspects of Moodle and
other e-learning system. From this paper, we aimed to
discover the best and most suitable choice of e-learning
system. we have succeeded in finding that optimal e-
learning platform, and it is Moodle. This paper has
presented the work that has been done to date. The future
work is to work hard within Moodle and authenticate it. To
create more secure and reliable learning environment, it is
essential to remove all the security flaws of the Moodle. In
this paper, we focus on the authentication attack. This work
can be extended by addressing other security issues of the
Moodle.
REFERENCES
[1] Z., Stapi, T. Orehovaki, M. ani,Determination of Optimal
Security Settings for LMS Moodle, in: Proceedings of 31st MIPRO
International Convention on Information Systems Security, Vol. 5,
Opatija, 2008, pp. 84.-89.
[2] EduTools [Online], ArchiveCMS: Product Comparison System,
2008, Retrieved January 10 2008,URL:
http://www.edutools.info/compare.jsp?pj=8&i=358I.
[3] M. Zenha-Rela and R. Carvalho,Work in Progress: Self Evaluation
Through Monitored Peer Review Using the Moodle Platform, in
Frontiers in Education Conference, 36th Annual., San Diego, CA:
IEEE, 2006,pp. 230-241.
[4] A. Al-Ajlan, H. Zedan, Why Moodle in: 12th IEEE International
Workshop on Future Trends of Distributed Computing Systems,
2008,pp. 58-64.
[5] M. Dougiamas. Moodle. 2008, www.Moodle.org
[6] EduTools. Course Management Systems. 2007 Available from:
http://www.edutools.info/..
[7] http://en.wikipedia.org/wiki/Central_Authentication_Service
[8] http://en.wikipedia.org/wiki/RADIUS
[9] http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol
[10] http://en.wikipedia.org/wiki/Post_Office_Protocol.
[11] http://en.wikipedia.org/wiki/LDAP
[12] http://shibboleth.internet2.edu/
[13] http://en.wikipedia.org/wiki/Network_News_Transfer_Protocol
[14] http://en.wikipedia.org/wiki/FirstClass
[15] http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules.