I am installing Moodle 2.4 latest stable version onto a shared server provided by a service provider. I do not have access to the command line prompt nor rights to install any files or change files in the root. My service provider is installing Moodle for me. They have created the moodledata subdirectrory in the same directory as all of the other Moodle files. I have tried to explain that this is not where the moodledata directory is to go based on the install instructions from Moodle. They say I don't understand the install procedure.
In order to argue intelligently with them or, alternately, to recevie confirmation that they have correctly installed Moodle, can someone please respond to the following questions? I have not been able to find the answers in other forums.
First, I understand that the moodledata directory is accessible to the Web if it is placed within the Moodle directory. What exactly is the security risk? How does someone access the moodledata directory if installed within the Moodle directory and not in the root?
Second, at my request, Moodle was to be installed in a subdomain. I have been told that all of the folders of the subdomain are essentially "public" as it is below the root. With the moodledata direcrory created within the Moodle files of the subdomain, does that present another security risk?
Simple explainations and any help you can provide would be much apprecaited.