DE Oracle @ UMUC

Handling Sensitive Files in the Online Environment

CSI Staff

Staff Writer

Center for Support of Instruction

Published: 0 2003

Category: » Tech-skills-software » Security

Have you ever run into a situation where students were asking you questions about an assignment or lecture that you hadn't made available to them yet? Do you publish sensitive files such as mid-terms and final exams to your Polaris/Nova account, and then make the link available in WebTycho when you are ready for your students to access the document?

In the online environment, it is very easy for students to gain access to files that have been published on Polaris/Nova if you don't have them properly secured. For example: If you placed the following URL in to the WebTycho classroom - http://polaris.umuc.edu/~jsmith/admn625/lectures/lect1.html often, all the student has to do is to remove lect1.html from the URL and they can see all the files that have been published to the lecture folder. If the student continues to hack away at the URL eventually he/she may be able to see your entire Polaris/Nova directory structure.

If you publish files to Polaris/Nova, try looking at the root directory for your Polaris/Nova account. In the browser, type: http://polaris.umuc.edu/~loginname where loginname is your login for your Polaris/Nova account (if you have a Nova account, you need to substitute "nova" for "polaris"). If the www folder permissions have not been changed to block access or you have not already added an index.html page, you should see something similar to the image below (of course you will have different folders names and files).

Now that you have seen what your students could possibly see, you may be wondering how you can protect exams, assignments and other documents of this nature from being inappropriately accessed? There is no one way to do this. The method you choose depends on how comfortable you are working in your Polaris/Nova account. Below are several methods in which to handle sensitive files.

• Method One: Using WebTycho (Easiest Overall)
  
  Type content directly into WebTycho (plain text or cut/paste HTML). This the easiest method. You don't need to publish files to Polaris/Nova. You can use the WebTycho text box and type in your text (or cut/paste from Word), however, if you have images, this is not a good option.

If you prefer to publish sensitive files on the Polaris or Nova server and provide a URL from the WebTycho classroom, you can still keep your files hidden until you are ready to use them. Method Two and Three will help protect your files. Choose which ever method you are most comfortable with.

• Method Two: Using an index.html Page (Easiest for Server Storage)
  
  Using Polaris/Nova, add an index.html page to a directory. This method is a little more complicated then just adding text to WebTycho, but is relatively easy and provides you with the flexibility of using URLS in the WebTycho classroom.


• Method Three: Setting Directory Permissions on the Server (Most Secure for Server Storage)
  
  Using Polaris/Nova, change permissions of sensitive files. This method is the most complicated method. If you don't change the permissions properly, you may prevent all access to the file. Which may not be a bad thing, until you want to allow access to the files.