data.js gives quiz answers away
Aug 28, 2018
A Savvy learner in our org showed us a way to look directly at the data.js file of an SL3 course, which happily, if awkwardly gives the answers away to assessment questions in the learning object:
1. Launch a course through LMS
2. View source on the module window
3. Click on the link within: <script SRC="story_content/user.js" TYPE="text/javascript"></script>
3. Change the url which pops up from "blah blah/story_content/user.js" to "blah blah/html5/data/js/data.js"
4. Do a text search on the question, then look for "status":"correct". Which will highlight all the correct answers in the asset. It is awkward to cross reference it with question and answer ID's, but it's all there.
It seems as though learners should not be able to view this document. Maybe this is an LRS issue.
Any help would be greatly appreciated!
Mike
4 Replies
SCORM is not really cheat-proof which has been known for years. Easiest way to cheat is to change the score/completion in your browser before it gets sent to the LMS. Truth is, as a student who wants to learn, would you cheat yourself to a passing score and skip the learning process?
however, if it's an exam required for certification you'd rather want to go with your LMS' quiz feature.
Thanks for responding - and I agree - these are low-stakes assessments for sure - with high-stakes stuff fully sourced and protected.
Also, and maybe it doesn't make a difference, but we're using tincan /xAPI
Hi Mike,
You may also want to take a look at this discussion and the linked article on SCORM's perspectives on security.
Hope that helps you think about ways in which to further protect, copyright and lock down your content.
Use a javascript obfuscator on the data.js
This discussion is closed. You can start a new discussion or contact Articulate Support.