James Stroud wrote: > On Saturday 10 September 2005 15:02, Ron Adam wrote: > >>Kirk Job Sluder wrote: >>I would think that any n digit random number not already in the data >>base would work for an id along with a randomly generated password that >>the student can change if they want. The service provider has full >>access to the data with their own set of id's and passwords, so in the >>case of a lost id, they can just look it up using the customers name >>and/or ssn, or whatever they decide is appropriate. In the case of a >>lost password, they can reset it and get another randomly generated >>password. >> >>Or am I missing something? > > > Yes and no. Yes, you are theoretically correct. No, I don't think you have > the > OP's original needs in mind (though I am mostly guessing here). The OP was > obviously a TA who needed to assign students a number so that they could > "anonymously" check their publicly posted grades and also so that he could do > some internal record keeping. > > But, I'm thinking no one remembers college here anymore.
Last semester I took, I was able to check my grades by logging into a web page with my student ID and using a password. The password default was my SSN, we could change it. In any case students have read only access and are not able to change anything. Not a big deal and very little personal information was visible. If any one would have bothered to look they would have simply found out I had very good grades. <shrug> > The point is that *something has to be kept secret* for encryption security > to > work. Theoretically best would be a passphrase, or a passphrase to a really > big key. So, perhaps we could modify the algorithm from a few messages back, > in order to address the (assumed) *practical* considerations of the OP's > original query: The actual database files should not be directly reachable, except by the appropriate data base administrators, it should send and retrieve information based on the users access rights via a server. Is this a case where each account is encrypted with a different key in addition to the access rights given to each user? Cheers, Ron -- http://mail.python.org/mailman/listinfo/python-list
