compression

Marcel Kunath kunathma@pilot.msu.edu
Tue, 24 Apr 2001 15:37:04 -0400 (EDT)
Previous message: compression
Next message: compression
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>
> "Marcel Kunath" <kunathma@pilot.msu.edu> writes:
>
> > Well I do ASP and SQL and there is some application but its not as heavy as
if
> > you would write C or Java. I work on systems like Stuinfo and the Courses
> > system and honestly we spend more time discussing if we can give this or tha
t
> > info out on the web(90%) (privacy etc.) than write the webpages(10%).
>
> Ah hah, there *is* someone out there actually working on this
> stuff.  Then maybe you can explain why the notice at the bottom
> of the stuinfo pages prohibits me from letting other people know
> what my grades are:
>
>              Data on this system are to be considered
>              confidential and may not be made available to a
>              third party.
>
> or, if that's not what it means, just what it actually *does*
> mean and why it's worded that way.  (I tried to submit this via
> the official feedback form once a long time ago, but it didn't
> work.)

Good question. I am not as well versed as Ed but I could give a few rants on
clients and their pet peeves and how burocracy works. I am certain this
sentence has some important meaning to a person above me and signifies that in
the event you tell somebody about your personal information MSU is not reliable
for leaking information. I will refer your question to my superiors and get
back with an answer if there exists one.

<update> Just heard the answer. The reason that line is there is because
Administrators have access to all student records and they must be warned.
Basically there should be flagged if a user is an administrator. I might look
into this and put a small flag in there so you won't be bothered by this
sentence in the future but it may take a while because I need to ask for
approval first =)
</update>

I wrote an addition for Stuinfo a couple weeks ago. It is an additional page
only accessible for International students. The page is active over the summer
months (as in right now) which creates an extra link for Internationals to a
side page. On this page they can opt-in to having their Fall bill delayed. This
is used to be done via snail mail confirmation.

Well me being international myself I just said: "why not save me the
programming time and just handle this on the mainframe and simply delay all the
International coded student's bill _automatically_?" Well of course the answer
was "We can't do that because there is some internationals who are present in
the USA over the summer months and MSU doesn't want to lose out on that money."

So me having no power and MSU needing its cash I set out to write the page. In
addition they asked me to create a java driven pop-up to link to the registrars
page where one can change their billing address. I was done and all and the
clients were all happy after having changed their wording about 3 times. Then
there was a meeting with the person in charge of data and privacy issues and
they noticed I was linking to an outside page and boom it all came back to me.
Stuinfo is protected by a security system. The registrars pages are not, hence
they forbid me to link to them.

One of the reasons is because the registrars office has been told that MSU does
not approve of their billing address change webpage. Reason is if you knew
somebody's PID you can change that person's billing addresses. There is no
security in place. Terrible move by the registrar.

So because they do not want to support such unsecure practices I had to change
my page
and implement a billing address change page inside of Stuinfo which takes a
student input and then uses a mailer to send email to the registrar whose
workers will then manually enter this data into the SIS mainframe database.

Get what I mean with burocracy??? All of this could be handled by a simple
switch in a cobol program on the mainframe but now we spend time on
analysis/writing the page/rewriting the page and the registrar still has to
hand edit any address changes. Talk about efficiency....

I could have put the address changes into a database and let the registrar
automatically feed the changes into the mainframe but I was asked not to do
this because they want to signal the registrars office how insecure their
billing address webpage is and that they should secure it. I guess when they
get sick of manually entering the addresses they will get around to it.

Besides I don't understand that every department in the Administration needs
their own little web team. If you ask me all these administration related pages
should be under one house, handled by the same team and it be easier to manage
and secure.

I also suggested that the final exam schedule page be moved from the
registrar into stuinfo because we could automatically retrieve what classes a
stduent is enrolled in and make the exams available to the student which regards
that student instead of looking up the table. I always found the table
difficult to read. Besides we could additionally put building and room
information to be viewable. We could that way also send reminder to students
via email of when their final exams are. We could give professors authority
over their own exam schedule records in case they adopt a different policy
than the one prescribed by MSU. A nice idea but so far nothing has happened.

Wanna hear another funny? I was doing some mainframe testing regarding
a job involving the Scoring Office in the CC. I filled out my own test bubble
sheets. I personally brought them over to the scoring office and gave them the
file name I wanted the data to be in. The file arrived. I was then going to
take the file and do my cobol spiel. I had no access because all data from the
scoring office is automatically protected. I asked somebody to make a copy for
me and I got asked in exchange to fill out paperwork and get a signature from
the scoring office which allows me to access that specific dataset. I had to
get a permission to get back access my own test data. =) At the time I wasn't
smiling but my blood was boiling and I had to get back to my cubicle to calm
down. In the end a colleague helped out and made me a copy without the
paperwork.

I guess these are the memorable times at work and they make good stories for
sure.

  Ok there is more than you wanted to know.......

 mk
Previous message: compression
Next message: compression
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]