Security Basics mailing list archives
Re: Security for grades stored online
From: Ramki B Ramakrishnan <bramkie () gmail com>
Date: Fri, 11 Dec 2009 21:43:17 +0530
> This system is obviously a target for people wishing to change their
> grades. While I intend on coding securely and keeping the servers secure (no access from the internet and such) I (and the university) would like a security guarantee that is similar to that of teachers manually handing in grades.
No access from the internet or following the manual record system does not give you any guarantees.

I suggest you focus on
a) secure coding practices,
b) test, re-test, & periodical tests for the app,
c) refer to stuff like the OWASP Top 10 and implement a HIDS like OSSEC.

Even with all these you can be only relatively assured of security :-) at times paranoia helps...

Ramki

On Fri, Dec 11, 2009 at 1:21 PM, Ramki B Ramakrishnan <bramkie () gmail com> wrote:
> On Wed, Dec 9, 2009 at 9:57 PM, Eitan Adler <eitanadlerlist () gmail com> wrote:
>> I will be coding a system for a university in which teachers will be able to enter grades into a web-based form. The grades will then be stored in a database and used by the university to supply the final transcript.
>>
>> This system is obviously a target for people wishing to change their grades. While I intend on coding securely and keeping the servers secure (no access from the internet and such) I (and the university) would like a security guarantee that is similar to that of teachers manually handing in grades.
>>
>> My thought was to create a hash of the names & grades which the teacher could print out and hand in to the main office. This hash (one per class) could be verified against the hash that is generated when the grades are viewed by the administration. This reduces the amount of work required to verify that the grades have not been changed and (I think) without reducing the security of the grades. Is this true? Can you find any flaws or implementation "gotchas" that I should be aware of?
--
Ramki B Ramakrishnan
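The per-class hash proposed in the quoted message, sketched as an added example that is not part of the thread or any poster's code. It shows the encoding "gotchas" that decide whether the printed value and the recomputed value can ever match; the row layout (student id, name, grade), the function names and the sample rows are assumptions.

```python
import hashlib
import hmac
import unicodedata


def _norm(value: str) -> str:
    """Trim and NFC-normalize so visually identical names hash identically."""
    return unicodedata.normalize("NFC", value.strip())


def _field(value: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    data = value.encode("utf-8")
    return len(data).to_bytes(4, "big") + data


def class_digest(class_id: str, term: str, rows) -> str:
    """SHA-256 over a canonical encoding of one class's (student_id, name, grade) rows."""
    # Sort after normalizing: database row order must not change the digest.
    canonical = sorted(tuple(_norm(v) for v in row) for row in rows)
    h = hashlib.sha256()
    # Bind the digest to the class and term so a sheet cannot be reused elsewhere.
    h.update(_field(_norm(class_id)) + _field(_norm(term)))
    h.update(len(canonical).to_bytes(4, "big"))
    for row in canonical:
        for value in row:
            h.update(_field(value))
    return h.hexdigest()


def printable(digest: str) -> str:
    """Group the hex digest in blocks of four for the paper copy."""
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def verify(printed: str, class_id: str, term: str, rows) -> bool:
    """Check the value typed in from the paper copy against the stored rows."""
    typed = "".join(printed.split()).lower().encode("utf-8")
    current = class_digest(class_id, term, rows).encode("utf-8")
    return hmac.compare_digest(typed, current)


# Constructed sample data (not from the thread).
SUBMITTED = [("1002", "Bob Example", "B+"), ("1001", "Alice Example", "A-")]
# The paper copy is the reference: an unkeyed hash stored beside the grades
# can be recomputed by whoever is able to change the grades.
PAPER = printable(class_digest("CS101", "2009-Fall", SUBMITTED))
```
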
Current thread:
- Security for grades stored online Eitan Adler (Dec 10)
- Re: Security for grades stored online Aarón Mizrachi (Dec 11)
- Re: Security for grades stored online Eitan Adler (Dec 11)
- Re: Security for grades stored online Adam Mooz (Dec 11)
- Re: Security for grades stored online Eitan Adler (Dec 11)
- Message not available
- Re: Security for grades stored online Ramki B Ramakrishnan (Dec 11)
- Re: Security for grades stored online Aarón Mizrachi (Dec 11)
- <Possible follow-ups>
- FW: Security for grades stored online _john aleshunas_ (Dec 11)