How secure is this? How does your modification check the validity of the
cookie? Presumably there is some encrypted or secure-hashed
information in that cookie, but only the Blackboard server could check
for that. It's probably not worth worrying about for student logins,
but could some hacker mock up a cookie on their desktop system which
could fool your WeBWorK server into logging the hacker in as a WeBWorK
instructor?
Also another point is that if the user has their browser privacy set
to only allow cookies to be sent back to the originating server, then
this system would not work.
To respond to Dennis' second question, we at Ohio State have
developed modifications to WeBWorK 1.9 which enable students to
authenticate into WeBWorK against the university email server. We have
also developed modifications which allow instructors to download class
rosters from the registrar's web site and import them into WeBWorK, as
well as bulk upload final grades. Basically the way this works is that
the WeBWorK server prompts the instructor for their university
username/password, then uses a web robot (curl) to log into the
registrar's site and access the relevant secure pages on the
registrar's site.
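The cookie-validity question raised above, as an added example that is not part of the original posts and is not Blackboard or WeBWorK code: a receiving server can only reject a hand-built cookie if it can recompute a keyed hash over the cookie's fields. The cookie layout, the shared key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key. Assumption: the portal and the receiving server share
# it out of band; nothing on this page says the real integration does so.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def issue_cookie(user, role, expires, key=SHARED_KEY):
    """Portal side: build 'user|role|expires|hex_mac' (hypothetical format)."""
    payload = f"{user}|{role}|{expires}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_cookie(cookie, now=None, key=SHARED_KEY):
    """Receiving side: (user, role) if authentic and unexpired, else None."""
    now = time.time() if now is None else now
    parts = cookie.split("|")
    if len(parts) != 4:
        return None
    user, role, expires, mac = parts
    expected = hmac.new(key, f"{user}|{role}|{expires}".encode(),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # Expiry is only trusted after the MAC has been verified.
    if not expires.isdecimal() or int(expires) < now:
        return None
    return user, role


def trusting_parse(cookie):
    """A server without the key can only believe the fields as sent."""
    user, role = cookie.split("|")[:2]
    return user, role


if __name__ == "__main__":
    good = issue_cookie("student1", "student", 2_000_000_000)
    # Constructed sample: role field edited by hand, MAC left unchanged.
    edited = good.replace("|student|", "|instructor|", 1)
    print(verify_cookie(good, now=1_900_000_000))
    print(verify_cookie(edited, now=1_900_000_000))
    print(trusting_parse(edited))
```

A server that only checks that the cookie is present, or reads its fields without the key, behaves like `trusting_parse` and accepts the edited role.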