Re: Iterative interfacing between client and server [message #169881 is a reply to message #169876]
Wed, 29 September 2010 10:17
Geoff Berrow
On Wed, 29 Sep 2010 05:41:09 +0100, Denis McMahon
<denis(dot)m(dot)f(dot)mcmahon(at)googlemail(dot)com> wrote:
> On 29/09/10 04:16, Graham Hobbs wrote:
>
>> Student Number
>> First Name
>> Surname
>> Faculty
>> Major
>>
>> So ..
>> 1. The user enters Student Number, clicks Submit
>> Server uses Student Number to access an sql table
>> Server sends page with first name, surname, faculty, major populated
>> goto 1.
>>
>> Is this a practical web application?
>
> Can I (or anyone else) enter random student numbers and use this to
> obtain information about random students?
>
> Is there a data security implication, or even a student personal safety
> implication, if anyone viewing the website can obtain data about
> students simply by stumbling across the right "identifier"?
>
> I'd suggest:
>
> 1. Student logs in with student number and a password
> 2. Student sees only their own data
If it's an administrative function, a simple search on all or part of
the user's surname would perhaps be more practical (provided the page
is protected by some form of administrative login).
--
Geoff Berrow (Put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs www.4theweb.co.uk/rfdmaker
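
The two suggestions made in this thread (a logged-in student sees only their own data; a surname search only behind an administrative login), as an added example that is not part of the original posts. The table layout, the session dictionary and all function names are assumptions, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (student_number TEXT PRIMARY KEY, "
               "first_name TEXT, surname TEXT, faculty TEXT, major TEXT)")
    db.executemany("INSERT INTO students VALUES (?,?,?,?,?)", [
        ("1001", "Ann", "Smith", "Science", "Physics"),
        ("1002", "Bob", "Smythe", "Arts", "History"),
        ("1003", "Cy", "Jones", "Science", "Maths"),
    ])
    return db

class Forbidden(Exception):
    """Raised when the session is not allowed to perform the request."""

def own_record(db, session):
    # The student number comes from the authenticated session only;
    # nothing submitted by the browser can select another student's row.
    if not session.get("student_number"):
        raise Forbidden("login required")
    return db.execute(
        "SELECT first_name, surname, faculty, major FROM students "
        "WHERE student_number = ?", (session["student_number"],)).fetchone()

def admin_surname_search(db, session, fragment, limit=20):
    # Administrative search: refuse unless the session carries the admin role.
    if session.get("role") != "admin":
        raise Forbidden("administrative login required")
    fragment = fragment.strip()
    if len(fragment) < 2:
        # Assumed policy: very short fragments would list most of the table.
        return []
    # Escape LIKE wildcards so the input is matched literally.
    esc = fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return db.execute(
        "SELECT student_number, first_name, surname FROM students "
        "WHERE surname LIKE ? ESCAPE '\\' ORDER BY surname LIMIT ?",
        ("%" + esc + "%", limit)).fetchall()
```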