Re: Security with students entering own data?
Date: 1996/03/21
Message-ID: <4isn1e$jfm_at_gossamer.itmel.bhp.com.au>#1/1
In article <4ip26d$jc_at_ratatosk.uio.no>, torfridl_at_ulrik.uio.no (Torfrid Leek) says:
>
>We are about to implement our new student system, and the developers are
>finally ready to discuss security.
>It turns out they want students to be able to update their own demographic data,
>and register for exams etc.
>This will be done from designated workstations with a special client program.
>But the question arises, how do we pretend the students from deregistering
>anybody whose "person number" they might pick up somewhere, changing other
>people's addresses etc - in short, how can we authenticate them?
>So far we have come up with the idea of mailing them usernames and passwords
>with their admission letters - but we are told the vast majority of students
>do not read their mail and do not bring the required documentation.
>
>I would be interested to know if anybody is addressing similar issues, and how.
>In principle this is no different from letting them make a phone call to the
>student office to update this information. Maybe we should accept the fact
>that this information is not 100% trustworthy?
What about handling it the same way that it would be done if they phoned
the admissions office?
They have to have some info to uniquely identify themselves - when the
banks use this it often seems to be Mother's Maiden Name.
I wouldnt recommend getting them to 'nominate' a password to replace this
(as some of the banks do) because in some cases it wouldnt be used
oftener than annually - and who can remember a password at that
frequency.
HIH
Lee
----------------+--------------------------------------------------- This | Lee Levy, ISSD Systems Development, Del Code (34) space | BHP Information Technology, ACN 006 476 213 left blank | PO Box 261, Warrawong, NSW 2502, Australiaintentionally | PH: +61 42 75-5485 Fax: -5500 Tie: 8855- in mourning | Internet : levy.lee.ls_at_bhp.com.au
----------------+---------------------------------------------------Opinions expressed are mostly my own, so give me some credit. Received on Thu Mar 21 1996 - 00:00:00 CET