Tuesday, April 17, 2007

Changing Password

Much to my disgust, Debbie found a way that students can change their password - bummer. However, students should note, and be told, if they find out they can change it, that the technology department can still grab their account, override any password they entered and see what's going on with their account. Teachers won't be able to grab the account if students change the password, but the technology department can.

Now, what we're going to have to do in the meantime is this: I will upload our pilot accounts about once a week, so if they change it, it will be changed back to their external password. Hopefully, the more industrious little munchkins will get tired of messing with it, if they find out.

If this pilot is promising, the technology department will start digging deeper into SSO (Single Sign On), like what we're doing with IDEAL - from ASU, the authentication is passed back to our server and we control the process. I'm just trying to avoid messing with that right now. For more techno information on this process, feel free to study the link below a bit.

http://code.google.com/apis/apps/sso/saml_reference_implementation.html

This will have the effect that students can change it all they want - the next time they log in, guess what, still the external password.

Additionally, I have tested the following to verify things are okay with overriding, updating, etc.

• I logged in with our student test account and added an event to the calendar.
• I then logged out, logged in as the administrator and uploaded the student test account again - overriding the previous username/password with the same username/password.
• Logged back in as test student and the event to the calendar was still there - makes sense as each account is unique.
• Then I logged in as the test student, entered a second calendar event, and changed the password while logged in as the student.
• Logged out and tried the old password for the test student - it didn't work.
• Logged in with the changed password and the 2nd calendar event was there.
• Then I logged in as the administrator and reuploaded the credentials for the test student.
• Logged in as the test student with the original password, and the 2nd calendar event was still there.
• This updating/reuploading of student account login credentials appears to not mess with the information that's there - so, this looks like a good thing. We'll be doing this several times over the next months, so we'll have plenty of time to verify as we go.
Jeff.....

1 comment:

MsK said...

Good grief I didn't want to be disgusting! Yikes!

It's unlikely they will travel over to calendar settings...but it's good to be aware of the possibilities nonetheless...sigh.

I'm pretty excited about getting my kids rolling here and they are too!