Re: Security with students entering own data?
Date: 1996/03/21
Message-ID: <4ir31g$4eg_at_chaos.kulnet.kuleuven.ac.be>#1/1
The perfect (but difficult) solution is probably to set up a certification authority mechansim and to use authorised web access. I have heard that version 2 of the Oracle web server will support the above, although I do not know the details (I would like to know them ASAP, since we have about the same problem as you mention below). Most of the current CA's use X.500 and X.509, it would be nicer if there would be a pure Oracle solution.
-Herman-
Torfrid Leek (torfridl_at_ulrik.uio.no) wrote:
> We are about to implement our new student system, and the developers are
> finally ready to discuss security.
> It turns out they want students to be able to update their own demographic data,
> and register for exams etc.
> This will be done from designated workstations with a special client program.
> But the question arises, how do we pretend the students from deregistering
> anybody whose "person number" they might pick up somewhere, changing other
> people's addresses etc - in short, how can we authenticate them?
> So far we have come up with the idea of mailing them usernames and passwords
> with their admission letters - but we are told the vast majority of students
> do not read their mail and do not bring the required documentation.
> I would be interested to know if anybody is addressing similar issues, and how.
> In principle this is no different from letting them make a phone call to the
> student office to update this information. Maybe we should accept the fact
> that this information is not 100% trustworthy?
> Regards, Torfrid Leek
> USIT - Centre for Information Technology Services
> University of Oslo
> torfrid.leek_at_usit.uio.no
Received on Thu Mar 21 1996 - 00:00:00 CET