Educause Security Discussion mailing list archives

Re: Enabling a job applicant to resume a submission later


From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Wed, 15 Dec 2010 15:15:09 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 4:08 PM -0500 12/15/10, Clifford Collins wrote:
We are still a year or more away from implementing an IdM solution that
would enable us to give them a unique login. Also, I would not assume they
would use the same workstation each time.

Seems to me that you need a unique login in order to enable the 2nd
requirement there.  And even if you lose the workstation portability
requirement, you then have the issue of cookie stealing and/or session
resumption on a shared workstation.  i.e., if I'm on my work computer
applying for a job at Franklin, and someone else comes by and sees in my
history that I was on the Franklin job site, what's to stop them from just
going back to one of those pages and seeing not just what job I was
applying for but also whatever confidential information I put into the
application?

Maybe I'm not up to date on the state of the art of web apps, but not
having some sort of unique login gives me the willies....


-----BEGIN PGP SIGNATURE-----
Version: 9.9.1.287

wj8DBQFNCS/cDlQHnMkeAWMRApKGAJ9rOwPVgZKpda6ocy2GnSFIHyP7HACgqizn
8phm8Hzd589Itj87cUQsVAw=
=guBy
-----END PGP SIGNATURE-----

-- 
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Manager, Network Transport                         <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
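
Added example, not part of the original message and not code from anyone in the thread: a sketch of the shared-workstation concern raised above, with a resume link that works on its own beside one that also needs an applicant-chosen passphrase and a short-lived server-side session. The function names, the passphrase scheme and the timeout value are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

# All names and values here are assumptions for illustration.
DRAFTS = {}      # draft_id -> {"salt", "verifier", "data"}; stand-in for a database
SESSIONS = {}    # session token -> (draft_id, expiry time)
IDLE_TIMEOUT = 15 * 60  # seconds a resumed session stays valid (assumed)


def _verifier(passphrase, salt):
    # Slow, salted hash so the stored value does not reveal the passphrase.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def save_draft(form_data, passphrase):
    """Store a partial application; return the id used in the resume link."""
    draft_id = secrets.token_urlsafe(16)
    salt = secrets.token_bytes(16)
    DRAFTS[draft_id] = {"salt": salt, "verifier": _verifier(passphrase, salt),
                        "data": form_data}
    return draft_id


def resume_by_link_only(draft_id):
    """Weak form: anyone who reopens the link from history sees the draft."""
    rec = DRAFTS.get(draft_id)
    return rec["data"] if rec else None


def resume_with_secret(draft_id, passphrase, now=None):
    """Hardened form: the link names the draft, the passphrase authorizes it."""
    rec = DRAFTS.get(draft_id)
    if rec is None:
        return None
    if not hmac.compare_digest(_verifier(passphrase, rec["salt"]), rec["verifier"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (draft_id, (time.time() if now is None else now) + IDLE_TIMEOUT)
    return token


def read_draft(token, now=None):
    """Serve draft data only for a known, unexpired session token."""
    draft_id, expires = SESSIONS.get(token, (None, 0))
    if draft_id is None or (time.time() if now is None else now) >= expires:
        SESSIONS.pop(token, None)  # a cookie left in the browser stops working
        return None
    return DRAFTS[draft_id]["data"]
```

The passphrase here is in effect a per-application login, which is the requirement the message argues for.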

