Oh, re-reading the string tells me that I lept hastily. Sorry Todd. I do like Sam's "nun filter" idea though : ) On Thu, 18 Dec 2003 10:25:56 -0600 Todd Young <auditodd at comcast.net> writes: > No, I think the accountability factor in requiring a log-in/log-out > is > GREAT! Kids using computers NEED to be taught proper security > procedures. I was truly amazed at my last job how many people would > walk > away from their PCs without locking them. With open screens to the > mainframe TOO! My wife's company has recently enacted a mandatory > "password protected" screen saver, with a timeout of 10 minutes. As > most > people know, this is an easy registry change for the desktop admin > group, and I'm sure they keep track of people who change it and if > it's > changed too often, it's probably reported to the person's manager. > > You must have misunderstood my statement. I was merely suggesting > that > at first you would get kids who would not log out properly, and then > > others would use their account for making trouble. And I'm sure they > > would cry and moan about any disciplinary action. They would have > to be > disciplined the same as those making the actual trouble as their > lack of > security led to the problem. They may not like it, but the perhaps > they > would learn their lesson after the first disciplinary action. > > Wm. D Radomski wrote: > > Todd > > Is there any empirical evidence that a requirement of > accountability > > is either harmful or unfair? A mandatory log-in/log-out would do > well > > to solve both the security/control issues and further the > exposure of > > the students to what will be expected of them in the > post-educational > > (for most of us, the "real") world. Non-compliance could be > easily > > tracked, and would simply result in a metered limit of access. Is > this > > simple bit of logic beyond our current state of educational > politics? > > > > (naively?) > > Bill > > > > On Wed, 17 Dec 2003 10:55:06 -0600 Todd Young > <auditodd at comcast.net> > > writes: > > > >>I think people are missing the point..... > >> > >>This is a number of schools, with a network of "publicly" used > >>computers, at least public in the sense that any number of > students > >>in > >>the schools can access these computers. Unless the ".pl page" is > >>accessible to the "outside" world, filtering by IP would not solve > > >>the > >>problem. If the page is accessible from the outside world, then a > >>filter > >>to allow only IPs within the school system would be partially > >>effective. > >> > >>I think the only way to solve the problem would be to implement a > >>"log > >>on" standard across all of the computers at all of the schools > >>involved. > >>Forcing the students to log on to use a computer would provide a > two > >> > >>fold solution. First, it would get them used to proper computer > >>security > >>in a shared-PC environment. Second, it would allow you to "track" > >>mischievous behavior. This is not a perfect solution, but I don't > >>think > >>there is a perfect solution. > >> > >>There is a catch. If a student fails to properly log out of their > >>session, someone could use that session to send the mischievous > >>messages. Even if a student didn't send the message, but failed to > > >>properly log out, they could be reprimanded for not following > proper > >> > >>security standards. > >> > >>Once the message gets out that "you can be tracked down by your > >>login", > >>students will be less likely to cause problems, AND more aware of > >>security measures that protect their "identity". > >> > >>Callum Lerwick wrote: > >> > >>>>I run a content filter at a number of schools. When a site is > >> > >>banned the > >> > >>>>user gets a .pl page to fill out on my server explaining why > they > >> > >>think the > >> > >>>>site should not be blocked. I get an email of their comments > each > >> > >>time the > >> > >>>>form is submitted. Lately, some people with too much time on > their > >> > >>hands are > >> > >>>>bringing the page up from my web site and sending me some cute, > >> > >>simple > >> > >>>>minded messages. Is there something I can add to httpd.conf that > > >> > >>will only > >> > >>>>allow the page to be pulled up if it is requested from a > specific > >> > >>IP or > >> > >>>>network? > >>> > >>> > >>>If its a script to begin with, the cleanest thing would probably > >> > >>be to > >> > >>>just add some code to the script to ignore anyone coming from the > > >> > >>wrong > >> > >>>IP. Dunno how to do it in perl offhand, but the REMOTE_ADDR cgi > >> > >>variable > >> > >>>should be what you want... > >> > >>-- > >>Todd Young > >>7079 Dawn Ave. E. > >>Inver Grove Heights, MN 55076 > >> > >> > >>_______________________________________________ > >>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > >>http://www.mn-linux.org tclug-list at mn-linux.org > >>https://mailman.real-time.com/mailman/listinfo/tclug-list > >> > > > > > > > > _______________________________________________ > > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > > http://www.mn-linux.org tclug-list at mn-linux.org > > https://mailman.real-time.com/mailman/listinfo/tclug-list > > > > -- > Todd Young > 7079 Dawn Ave. E. > Inver Grove Heights, MN 55076 > > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > http://www.mn-linux.org tclug-list at mn-linux.org > https://mailman.real-time.com/mailman/listinfo/tclug-list > _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list