Re: Iterative interfacing between client and server [message #169876 is a reply to message #169875]
Wed, 29 September 2010 04:41
Denis McMahon
On 29/09/10 04:16, Graham Hobbs wrote:
> Student Number
> First Name
> Surname
> Faculty
> Major
>
> So ..
> 1. The user enters Student Number, clicks Submit
> Server uses Student Number to access an sql table
> Server sends page with first name, surname, faculty, major populated
> goto 1.
>
> Is this a practical web application?

Can I (or anyone else) enter random student numbers and use this to
obtain information about random students?

Is there a data security implication, or even a student personal safety
implication, if anyone viewing the website can obtain data about
students simply by stumbling across the right "identifier"?

I'd suggest:

1. Student logs in with student number and a password
2. Student sees only their own data

Rgds

Denis McMahon
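
The two-step suggestion in the reply above, sketched as an added example that is not part of the original post: the open lookup from the quoted question beside a lookup that takes the student number from the logged-in session. The table layout, function names, sample students and PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, sqlite3

FIELDS = "first_name, surname, faculty, major"

def _hash(password, salt):
    # Salted PBKDF2 from the standard library; iteration count is an assumption
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: two students in an in-memory table
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (student_number TEXT PRIMARY KEY,"
               " first_name TEXT, surname TEXT, faculty TEXT, major TEXT,"
               " salt BLOB, pw_hash BLOB)")
    for row in [("1001", "Ann", "Lee", "Science", "Physics", "pw-ann"),
                ("1002", "Bob", "Ray", "Arts", "History", "pw-bob")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO students VALUES (?,?,?,?,?,?,?)",
                   row[:5] + (salt, _hash(row[5], salt)))
    return db

def lookup_open(db, student_number):
    # Flow from the quoted question: whoever submits a number gets the record
    return db.execute(
        f"SELECT {FIELDS} FROM students WHERE student_number = ?",
        (student_number,)).fetchone()

def login(db, sessions, student_number, password):
    # Step 1: student number plus password; returns a session token or None
    row = db.execute(
        "SELECT salt, pw_hash FROM students WHERE student_number = ?",
        (student_number,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _hash(password, row[0])):
        return None
    token = secrets.token_hex(16)
    sessions[token] = student_number  # identity is stored server-side
    return token

def lookup_own(db, sessions, token):
    # Step 2: the record is selected by the session, never by a request
    # parameter, so a visitor has no identifier to guess
    student_number = sessions.get(token)
    if student_number is None:
        return None
    return lookup_open(db, student_number)
```

`lookup_own` accepts no student number at all, which is what confines each logged-in student to their own row.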