Home page logo
/

basics logo Security Basics mailing list archives

Security for grades stored online
From: Eitan Adler <eitanadlerlist () gmail com>
Date: Wed, 9 Dec 2009 18:27:58 +0200

I will be coding a system for a university in which teachers will be
able to enter grades into a web based form. The grades will then be
stored in a database and used by the university to supply the final
transcript.
This system is obviously a target for people wishing to change their
grades. While I intend on coding securely and keeping the servers
secure (no access from the internet and such) I (and the university)
would like security a guarantee that is similar to that of teachers
manually handing in grades. My thought was to create a hash of the
names & grades which the teacher could print out and hand in to the
main office. This hash (one per class) could be verified against the
hash that is generated when the grades are viewed by the
administration. This reduces the amount of work required to verify
that the grades have not been changed and (I think) without reducing
the security of the grades.

Is this true? Can you find any flaws or implementation "gotchas" that
I should be aware of?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]