Educause Security Discussion mailing list archives
[no subject]
From: "Keslar, Chris" <crk4 () PITT EDU>
Date: Wed, 1 Jul 2009 13:08:53 -0400
Mike, We create accounts for applicants so they can access their application in our portal system, but nothing else. We created a separate sub-portal specifically for this purpose. We do not give them access to email or any other services. There are then a set of business rules and processes that manage the existence of the account. On the backend the accounts exist in our Active Directory, but are in a separate OU than our other user accounts. [hris Keslar Computing Services & Systems Development University of Pittsburgh From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, Mike Sent: Wednesday, July 01, 2009 1:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Hello, A situation has developed where a project lead/developer and a few departments are saying we need to give active directory accounts and email accounts to applicants. I was wondering if other schools give active directory and or email accounts to applicants? The situation scares me to be honest. None of the details have been worked out that I know of, but the idea of giving email accounts to anyone who fills out a form online seems like a bad idea. It may be possible to lock down AD enough, but it still sounds like we are saying "Sign this internet form and get a login to our network. Have fun elevating privileges and sending spam!" I may be being paranoid about this but I wanted to get some of the community's thoughts on this. If I'm just being paranoid, feel free to say so. J Oh, and we also use google apps for our student email. It appears that the google apps for edu agreement does allow for giving account to non-students if desired. Mike Tupker Systems Administrator Mount Mercy College
Attachment:
smime.p7s
Description:
Current thread:
- [no subject] Keslar, Chris (Jul 01)