Educause Security Discussion mailing list archives
[no subject]
From: "Tupker, Mike" <mtupker () MTMERCY EDU>
Date: Wed, 1 Jul 2009 14:19:43 -0500
Thanks for all the responses so far.

How do you handle password reset requests from applicants? Since they are in the application process and don't have IDs yet or some way of identifying themselves in the database, I would think it would be hard to provide adequate proof of an applicant's identity. Maybe I'll leave that up to the person who has to rewrite the provisioning software.

Regardless of how the password reset requests are handled, our one helpdesk person will likely be overloaded by the applicants needing login help.

Mike Tupker
Systems Administrator
Mount Mercy College

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tupker, Mike
Sent: Wednesday, July 01, 2009 12:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

Hello,

A situation has developed where a project lead/developer and a few departments are saying we need to give Active Directory accounts and email accounts to applicants. I was wondering if other schools give Active Directory and/or email accounts to applicants?

The situation scares me, to be honest. None of the details have been worked out that I know of, but the idea of giving email accounts to anyone who fills out a form online seems like a bad idea. It may be possible to lock down AD enough, but it still sounds like we are saying "Sign this internet form and get a login to our network. Have fun elevating privileges and sending spam!"

I may be being paranoid about this, but I wanted to get some of the community's thoughts on this. If I'm just being paranoid, feel free to say so. :)

Oh, and we also use Google Apps for our student email. It appears that the Google Apps for edu agreement does allow for giving accounts to non-students if desired.

Mike Tupker
Systems Administrator
Mount Mercy College