Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

FW: Security for grades stored online

From: "_john aleshunas_" <jalesh () webster edu>
Date: Fri, 11 Dec 2009 10:23:55 -0600
A simple process that sends an e-mail to the person who changed the grades,
confirming that the grades were changed and listing the new grades. If the
correct person changed the grades, then they have confirmation that the
changes were submitted. If someone else used their account, they have an
indication of the mis-use of their account.



john aleshunas                     ____  __o 
jalesh () webster edu                 __  _ \<_ 
314.246.7565                       __ (_)/(_)
mercury.webster.edu/aleshunas


**********************************************************************
Combinatorialists know how to count their blessings.
**********************************************************************
                                       
         /"\                           
         \ /  ASCII ribbon campaign    
          X   against HTML email       
         / \                           
                                       
**********************************************************************  


-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Eitan Adler
Sent: 11 December, 2009 02:04
To: Aarón Mizrachi
Cc: security-basics () securityfocus com
Subject: Re: Security for grades stored online


From most of the responses I've seen the best idea for me would be to

use some form of PKI.
The reason I didn't jump immediately into PKI instead of my idea was:
1) Most of the teachers are probably not technologically 
sophisticated. I'm unaware of any easy-to-use PKI system
2) I'm assuming one of two cases here (a) the teacher left 
the computer alone or (b) the teacher chose an easy to guess password.
3) The teacher would probably choose the same password for 
the key as for the moodle account (which I'm modifying to fit 
my needs)

Does anyone know of an easy-to-use system that would not be 
compromised by the above assumptions. I'm also working within 
a limited budget so (as far as I'm aware atm) no new hardware 
could be bought.

--------------------------------------------------------------
----------
Securing Apache Web Server with thawte Digital Certificate In 
this guide we examine the importance of Apache-SSL and who 
needs an SSL certificate.  We look at how SSL works, how it 
benefits your company and how your customers can tell if a 
site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache 
web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management 
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;

e13b6be442f727d1

--------------------------------------------------------------
----------






------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: