WeBWorK's low level of security
Can you elaborate? We'd like WeBWorK to be completely secure, and if
there are places where security is lacking they should be fixed.
My only concern would be that he may have gotten the
source code for problems (from the CVS, or hacking the local server?)
in order to sell general solutions 'for all web work problems.'
It is possible for anyone to download the problem libraries and examine
the code. However, they would also have to match a problem in the
library to the problem they need to solve, which is not completely easy
since the filenames are not given and many professors rename sets when
they import them into WeBWorK ("1", "2", etc.) It is possible to search
for key words in the problem to narrow down your search, so we really
can't hide behind that obscurity.
I'm open to suggestions for how to balance making problem libraries
freely and easily available to educators while providing a barrier to
malicious students. (To start, I've added a robots.txt to our web CVS
<| Post or View Comments |>