Educause Security Discussion mailing list archives
[no subject]
From: James Cooley <jcooley () FIT EDU>
Date: Wed, 1 Jul 2009 13:21:41 -0400
We've had some similar concerns about this in the past. What we've done is create a system comprised of two levels of student accounts. An applicant is given a limited account in a separate organizational unit in our LDAP directories that only gives the individual access to the student information system to check on the status of the application, account balances, etc. Once a student is accepted, and has paid their tuition deposit, this account is converted to a full student account.

--
James Cooley
Information Security Officer
Florida Tech IT Services
jcooley () fit edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, Mike
Sent: Wednesday, July 01, 2009 1:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

Hello,

A situation has developed where a project lead/developer and a few departments are saying we need to give Active Directory accounts and email accounts to applicants. I was wondering if other schools give Active Directory and/or email accounts to applicants?

The situation scares me to be honest. None of the details have been worked out that I know of, but the idea of giving email accounts to anyone who fills out a form online seems like a bad idea. It may be possible to lock down AD enough, but it still sounds like we are saying "Sign this internet form and get a login to our network. Have fun elevating privileges and sending spam!"

I may be being paranoid about this but I wanted to get some of the community's thoughts on this. If I'm just being paranoid, feel free to say so. :)

Oh, and we also use Google Apps for our student email. It appears that the Google Apps for edu agreement does allow for giving accounts to non-students if desired.

Mike Tupker
Systems Administrator
Mount Mercy College