• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Students hacking captivate quiz questions

New Here ,
Feb 23, 2020 Feb 23, 2020

Copy link to clipboard

Copied

I am having a problem with students hacking the captivate quiz questions by using browser developer tools to discover correct answers for quiz questions by inspecting javascript code.  It turned out to be incredibly easy for the students to accomplish this and teach others to cheat as well.  I wrote some javascript code with variables that held the correct answers.  My javascript functions were stored in a file that was read in by the code that executes with the code in index_scorm.html.  The students simply searched for "correct" and found variables using that partial name from which they could learn the run time values by displaying them in the console.  OK, that vunerability was my fault for putting the code in a file because there, it can be inspected from a webpage displaying any page in the course.  I have fixed this flaw in my code.  But I don't have a good understanding of what other information can be discovered using developer tools.  Does anyone know, when a quiz slide is entered, can a user discover javascript code executed in the "On enter" and "on exit" actions?  What about javascript code that executes from a button or advanced action?  Can this code be read and evaluated by the student using developer tools?  I am publishing in HTML5 only.

TOPICS
Advanced , Advanced actions , Quizzing and LMS

Views

826

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
People's Champ ,
Feb 24, 2020 Feb 24, 2020

Copy link to clipboard

Copied

So you are building custom questions, not using Captivates questions?

 

The only way to definitively hide anything from the user is to use server side scripts. Every thing is in the DOM if you know how to read it.

 

You could also try to obfuscate your JavaScript. There are plenty of free obfuscators.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Feb 24, 2020 Feb 24, 2020

Copy link to clipboard

Copied

If they do some reading about SCORM, and know their way around JS, it is pretty easy to find the code to send completion to the LMS. No need to even find the correct answers, open the course and paste in the code for completion.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Contributor ,
Mar 04, 2020 Mar 04, 2020

Copy link to clipboard

Copied

LATEST

Above you wrote the following questions:

"Does anyone know, when a quiz slide is entered, can a user discover javascript code executed in the "On enter" and "on exit" actions?  What about javascript code that executes from a button or advanced action?  Can this code be read and evaluated by the student using developer tools?"

 

The answers is Yes. 

 

 

 

 

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Help resources