Security with students entering own data?

From: Torfrid Leek <torfridl_at_ulrik.uio.no>
Date: 1996/03/20
Message-ID: <4ip26d$jc_at_ratatosk.uio.no>#1/1

We are about to implement our new student system, and the developers are finally ready to discuss security.
It turns out they want students to be able to update their own demographic data, and register for exams etc.
This will be done from designated workstations with a special client program. But the question arises, how do we pretend the students from deregistering anybody whose "person number" they might pick up somewhere, changing other people's addresses etc - in short, how can we authenticate them? So far we have come up with the idea of mailing them usernames and passwords with their admission letters - but we are told the vast majority of students do not read their mail and do not bring the required documentation.

I would be interested to know if anybody is addressing similar issues, and how. In principle this is no different from letting them make a phone call to the student office to update this information. Maybe we should accept the fact that this information is not 100% trustworthy?

Regards, Torfrid Leek
USIT - Centre for Information Technology Services University of Oslo

torfrid.leek_at_usit.uio.no Received on Wed Mar 20 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: David K Black: "Re: Security with students entering own data?"
Previous message: Sunil Mushran: "Re: Rollback through ODBC?"
Next in thread: David K Black: "Re: Security with students entering own data?"
Reply: David K Black: "Re: Security with students entering own data?"
Reply: Herman Van Uytven: "Re: Security with students entering own data?"
Reply: John Strange: "Re: Security with students entering own data?"
Reply: Lee Levy: "Re: Security with students entering own data?"
Reply: Jon Finke: "Re: Security with students entering own data?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message