Re: Security with students entering own data?

From: Lee Levy <levy.lee.ls_at_bhp.com.au>
Date: 1996/03/21
Message-ID: <4isn1e$jfm_at_gossamer.itmel.bhp.com.au>#1/1


In article <4ip26d$jc_at_ratatosk.uio.no>, torfridl_at_ulrik.uio.no (Torfrid Leek) says:
>
>We are about to implement our new student system, and the developers are
>finally ready to discuss security.
>It turns out they want students to be able to update their own demographic data,
>and register for exams etc.
>This will be done from designated workstations with a special client program.
>But the question arises, how do we prevent the students from deregistering
>anybody whose "person number" they might pick up somewhere, changing other
>people's addresses etc - in short, how can we authenticate them?
>So far we have come up with the idea of mailing them usernames and passwords
>with their admission letters - but we are told the vast majority of students
>do not read their mail and do not bring the required documentation.
>
>I would be interested to know if anybody is addressing similar issues, and how.
>In principle this is no different from letting them make a phone call to the
>student office to update this information. Maybe we should accept the fact
>that this information is not 100% trustworthy?

What about handling it the same way that it would be done if they phoned the admissions office?
They have to have some info to uniquely identify themselves - when the
banks use this it often seems to be Mother's Maiden Name. I wouldn't recommend getting them to 'nominate' a password to replace this (as some of the banks do) because in some cases it wouldn't be used oftener than annually - and who can remember a password at that frequency?

HIH
Lee

----------------+---------------------------------------------------
      This      |  Lee Levy, ISSD Systems Development, Del Code (34)
     space      |  BHP Information Technology,  ACN 006 476 213
  left blank    |  PO Box 261, Warrawong, NSW 2502, Australia
 intentionally  |  PH: +61 42 75-5485 Fax: -5500 Tie: 8855-
  in mourning   |  Internet : levy.lee.ls_at_bhp.com.au
----------------+---------------------------------------------------
Opinions expressed are mostly my own, so give me some credit.

Received on Thu Mar 21 1996 - 00:00:00 CET
