Re: Security with students entering own data?

From: Torfrid Leek <torfridl_at_ulrik.uio.no>
Date: 1996/03/22
Message-ID: <4itpf5$1td_at_ratatosk.uio.no>#1/1

In article <4is92o$oen_at_tpd.dsccc.com>, jstrange_at_imtn.dsccc.com (John Strange) writes:
> You did not supply enough information about the "known" database informtaion.
>

No, I should probably have explained it more in detail.

> If I had to design the system, the student information would contain
> a user workstation login id column. The block querey would be restricted
> to information about the login id. To get the workstation login id, do a
>
> select osuser
> from v$session
> where audsid = userenv('sessionid') ;
>

The trouble is, they share the workstations. We do collect the workstation IP address, so we can see if they are in the right place, but not who they are.

> Your system seems to allow someone to obtain personal data about someone
> else just on student id alone. I could probably get a list of student ids
> by just going through the university staff's trash looking for reports.
>

Oh no, we are pretty good about shredding those! At the moment the only data they can obtain is address and course enrolment information, the exam results are given out by an automated phone system!

Regards, Torfrid Leek
USIT - Centre for Information Technology Services University of Oslo

torfrid.leek_at_usit.uio. Received on Fri Mar 22 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: Torfrid Leek: "Re: Security with students entering own data?"
Previous message: Erik Lindquist: "Re: SQL*Net and Win95"
Maybe in reply to: Torfrid Leek: "Security with students entering own data?"
In reply to John Strange: "Re: Security with students entering own data?"
Next in thread: Torfrid Leek: "Re: Security with students entering own data?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message