Web Site for my Students
Alex Tweedly
alex at tweedly.net
Mon Oct 28 18:31:38 EDT 2013

I think the key question for me is, what exactly do you mean by

- If okay, set cookie, storing student ID

If you mean "set the cookie to be their student ID", then that's a bad
idea - it would be far too easy for someone to spoof the cookie value
and fraudulently submit it in a request. (security = terrible)

If you mean "set the cookie to a value including their student ID" - say
ID & md5hash(ID+secret_constant) - then that's "ok". Not too easy to
determine and spoof the value, though it would be the same every time.
(security = poor)

If you mean (??) "set the cookie to random value, which is stored in and
later used to look up a database(/table) of cookie : ID : name :
date+time : ...", then subsequent accesses look up that table to
determine which student ID it is from - that sounds good. Not quite so
simple, but far, far better. (security=good)

-- Alex.

On 28/10/2013 17:27, Gregory Lypny wrote:
> Hello everyone,
>
> I used to run a simple web site for my students on On-Rev. Students could use forms to submit quizzes and upload short papers. I’m going to revise the site and run it on my Mac, which has a static IP address. I want to use cookies, and the main information the cookie would store is the unique, seven-digit student ID. Does the following look reasonable?
>
> - Login page requiring student ID and password
> - If okay, set cookie, storing student ID
> - For every page a student navigates, get their cookie, and use their student ID to confirm who they are so that their name can be displayed on the page, and so that they can submit quizzes and other homework with their ID as part of the submission
>
> Want to keep it simple. Your thoughts would be most appreciated.
>
> Gregory
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
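
The third option in the reply above (a random cookie value that is only a key into a server-side table of cookie : ID : name : date+time) as an added Python sketch; it is not code from this thread or from LiveCode. `SessionStore`, `SESSION_TTL`, the cookie name `session`, the in-memory dict standing in for the database table, and storing a hash of the token rather than the token itself are all assumptions of the example.

```python
import hashlib
import secrets
import time

SESSION_TTL = 2 * 60 * 60  # assumed session lifetime in seconds (not from the thread)


class SessionStore:
    """In-memory stand-in for the cookie : ID : name : date+time table."""

    def __init__(self, now=time.time):
        self._rows = {}  # sha256(token) -> (student_id, name, created_at)
        self._now = now

    @staticmethod
    def _key(token):
        # Added hardening: keep only a hash, so a leaked table yields no usable cookies.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, student_id, name):
        """Call only after the ID/password check succeeds; returns the cookie value."""
        token = secrets.token_urlsafe(32)  # 256 random bits, different on every login
        self._rows[self._key(token)] = (student_id, name, self._now())
        return token

    def lookup(self, cookie_value):
        """Return (student_id, name) for a live session, otherwise None."""
        if not cookie_value:
            return None
        key = self._key(cookie_value)
        row = self._rows.get(key)
        if row is None:
            return None  # unknown or guessed value: the cookie carries no ID to trust
        student_id, name, created_at = row
        if self._now() - created_at > SESSION_TTL:
            del self._rows[key]  # expired: drop the row so the cookie stops working
            return None
        return student_id, name

    def logout(self, cookie_value):
        """Revoke one session; unlike a fixed hash of the ID, this cookie is now dead."""
        self._rows.pop(self._key(cookie_value), None)


def cookie_header(token):
    # HttpOnly hides the cookie from page scripts; Secure assumes the site is on HTTPS.
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

Every page request passes the received cookie to `lookup()` and treats `None` as "not logged in"; the student ID used for quiz submissions comes from the table row, never from the browser.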