
Re: [lias] Age IT Software News: Schools open for business



Simon Bryan wrote:
> 
> Yep one of their biggest mistakes, talk to any school and they complain
> about OASIS. It has greatly improved (I hope) from when I first used it. I have
> been using MAZE for 10 years here and it certainly fits the bill for school
> administration. Doesn't run on LINUX :-( but it used to run on UNIX.
> 
> > Kylie Davies wrote:
> > >
> > > Available at
> > >
> > > http://www.it.fairfax.com.au/software/20000208/A4112-2000Feb7.html
> >
> > Hmmm. NSW standardised on OASIS ages ago and are about to introduce
> > standard progress tracking software as well (kidmap I think it's
> > called..?..)

Apart from some Y2K patches and upgraded Netware OS (currently 4.11),
OASIS (as used by NSW DET) appears to have changed very little over the
years.

I have always thought it interesting that the current DET version of
OASIS might be better suited to a SAMBA *n*x environment compared with
the current DET Netware implementation.

The reason that OASIS may be better suited to SAMBA\*n*x is that, the
way DET OASIS has been set up, Netware allocates all the required rights
to the _users_, rather than giving rights to the OASIS
programmes\scripts. For example, most users need root (or close
equivalent) rights to access much of the OASIS data - even Library
enquiry (which should ideally be "read only" (it's database stuff that
requires simple look-up)) apparently requires "delete" and "modify"
rights to some folders. Because Netware rights (as employed by DET
OASIS) are independently available to the user both inside and outside
of the OASIS shell, Netware user rights present a huge security hole in
a Netware OASIS environment. On the other hand, *n*x is completely at
home in an environment where the applications themselves are
allocated the required rights (via SGID, SUID, sudo and various
wrappers), whilst the users themselves may have few, or even absolute
zero login rights (shell = /bin/false for example).

Although these procedures\tools are well known and proven in the *n*x
community, the DET implementation of OASIS goes through the most
extraordinary set of kludges (including multiple "phantom" logout and
logins and infinite "goto" loops) to help protect the data from
unauthorised access. The irony is that all of these "dog and pony
tricks" are relatively futile - it is trivial for the informed user (or
a script-kiddy prepared to do 30 minutes web-based research, or guess a
simple password) to by-pass them all anyhow. If this is not already
happening, it's only because students have no interest in obtaining
unauthorised access to DET OASIS anyhow :-)

SUMMARY
IMO it's possible that DET OASIS may well run more securely (and
reliably) in a SAMBA\*n*x environment than in Netware. If this proved to
be correct, it would provide the added advantage that it could be run
securely in a MS Windows GUI environment... which is currently
disallowed by DET for security reasons!

I have never bothered to try any of the above, and there may well be
some very good reason(s) that I have overlooked as to why OASIS couldn't
possibly run under SAMBA\*n*x. This is just mentioned as a "thought
crime for those in the know" <grin>

Even if OASIS did run better under *n*x, it probably wouldn't be worth
doing anyhow - IMO it would be better to have a complete replacement for
OASIS rather than trying to pump new life into something that should
have been buried long ago anyhow. A perfect candidate for MySQL and PHP
perhaps?



R.
-
ComputerBank Australia -- http://www.computerbank.org.au/
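
The Unix-side model described in the message above (rights held by the program through SGID, users with no login shell), as an added example that is not part of the original post: a small audit over a constructed file and account listing. The paths, the group name `oasisdata` and the account names are hypothetical.

```python
import stat

# Shells that deny an interactive login (the post's example is /bin/false).
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def audit(files, accounts, data_group):
    """Return findings where rights sit with the user instead of the program.

    files:    list of (path, mode, group, kind), kind is 'data' or 'launcher'
    accounts: list of (user, shell, groups)
    """
    findings = []
    for path, mode, group, kind in files:
        if kind == "data":
            if group != data_group:
                findings.append(f"{path}: not owned by group {data_group}")
            if mode & stat.S_IRWXO:  # any r/w/x bit for 'other'
                findings.append(f"{path}: open to 'other' ({stat.filemode(mode)})")
        elif kind == "launcher":
            # The program, not the person, must carry the data group (SGID).
            if not (mode & stat.S_ISGID and group == data_group):
                findings.append(f"{path}: not setgid {data_group}")
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(f"{path}: setgid program writable by non-owner")
    for user, shell, groups in accounts:
        if data_group in groups:  # user can reach the data outside the program
            findings.append(f"{user}: holds {data_group} rights directly")
        if shell not in NOLOGIN_SHELLS:
            findings.append(f"{user}: has a login shell ({shell})")
    return findings

# Constructed sample listings (hypothetical paths, group and users).
GOOD_FILES = [
    ("/srv/oasis/data", stat.S_IFDIR | 0o2770, "oasisdata", "data"),
    ("/srv/oasis/data/library.db", stat.S_IFREG | 0o660, "oasisdata", "data"),
    ("/usr/local/bin/library-enquiry", stat.S_IFREG | 0o2755, "oasisdata", "launcher"),
]
GOOD_ACCOUNTS = [("student1", "/bin/false", ["students"])]

BAD_FILES = [
    ("/srv/oasis/data/library.db", stat.S_IFREG | 0o666, "users", "data"),
    ("/usr/local/bin/library-enquiry", stat.S_IFREG | 0o755, "root", "launcher"),
]
BAD_ACCOUNTS = [("teacher1", "/bin/bash", ["users", "oasisdata"])]

if __name__ == "__main__":
    for line in audit(BAD_FILES, BAD_ACCOUNTS, "oasisdata"):
        print(line)
```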