[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Plethora of gradebooks, grade change audit.

To: seul-edu@seul.org
Subject: Re: Plethora of gradebooks, grade change audit.
From: Bradley Burnside <bradley@voyager.net>
Date: Mon, 28 Dec 1998 01:19:48 -0500
References: <199812261427.JAA00819@csrlink.net> <3685C3F3.3D3F270C@slip.net> <19981227153806.A8878@cgibuilder.com> <36870E19.C9596C4A@slip.net> <19981227214730.A9876@cgibuilder.com>
Reply-To: seul-edu@seul.org
Sender: owner-seul-edu@seul.org

Hi,
    I've been reading both your thoughts on the issue of a grade change audit.  I agree
with Matt, the security you are suggesting is difficult because there aren't any paper
copies.  I've been thinking about this, and I think pgp keysigning would be a good idea.
But I'm sure there will eventually be an excuse that can still blame it on the teacher.
    The only thing I can think of is making regular tape backups of the database at its
full integrity and keeping it in an untouchable location.  I don't think there is anyway
of keeping the DBA out of reach of the grades unless you make your own personal copies of
it.  That is why I am making it possible for teachers to save their grades locally on a
disk.
                        Now I have something to think about,
                                Bradley Burnside

> Bill,
>
> I think i understand your position, but this kind of security is
> difficult because there are no paper copies.  because
> administrators own the machine(s) that will be used
> to store the grades, nothing keeps a very adept DBA from
> changing logs and database entries.
>
> there are a number of ways i am thinking this can be fixed.
>
> One way is to have the system create grade listings at the
> end of each term for each teacher.  The teacher then has to supply
> a pgp/gpg key to sign the listing.
>
> These listings then have to be saved by the system.  and
> if they aren't then it would be easy to show all the
> "irregularities" are the turly the admistrators'.
>
> A not nearly so complex system a but probaly as efective is just have
> a simple transaction log created for every modification.  This
> will probably be enough to show no wrong doing on the part of
> the teacher.  This system(which is already planned) offer
> quite a bit of security-via-obscurity.  about the only people
> that could make mods that wouldn't be detectable would be
> the authors.(myself and a few others that hack on the system.)
>
> But again, signed logs seems to be about the only truely
> secure way to prove that grades weren't changed.
>
> code for sending out a memo probably would hassles teachers
> and administrators more than what it would make up in true
> security.
>
> --matt wimer

Follow-Ups:
- Re: Plethora of gradebooks, grade change audit.
  - From: Bill Ries-Knight <brk@slip.net>

References:
- Plethora of gradebooks
  - From: Douglas Loss <dloss@csrlink.net>
- Re: Plethora of gradebooks
  - From: Bill Ries-Knight <brk@slip.net>
- Re: Plethora of gradebooks
  - From: Matt Wimer <matt@cgibuilder.com>
- Re: Plethora of gradebooks, grade change audit.
  - From: Bill Ries-Knight <brk@slip.net>
- Re: Plethora of gradebooks, grade change audit.
  - From: Matt Wimer <matt@cgibuilder.com>

Prev by Date: Re: Plethora of gradebooks, grade change audit.
Next by Date: Re: Plethora of gradebooks, grade change audit.
Prev by thread: Re: Plethora of gradebooks, grade change audit.
Next by thread: Re: Plethora of gradebooks, grade change audit.
Index(es):
- Date
- Thread