Hello again,

I have another question regarding the school website I am currently 
rebuilding.

I'd like to have a page where parents can look up the most recent 
information about their child.

I'd like them to be able to type in the child's name (or even choose it 
from a drop down list) and then input a password.
Hopefully, then the page would show information on 4 or 5 fields. 
Probably current grades for Reading, Writing, Maths  and Science along 
with the number of days absence during the previous term.

I could get all this data from Excel and output it in a simple text file.

How easy do you think this would be to do?  Are there any simple 
solutions out there I could use? (Preferably free ones!)

Steve

Man_Mountain wrote:
> Hello again,
> 
> I have another question regarding the school website I am currently 
> rebuilding.
> 
> I'd like to have a page where parents can look up the most recent 
> information about their child.
> 
> I'd like them to be able to type in the child's name (or even choose it 
> from a drop down list) and then input a password.
> Hopefully, then the page would show information on 4 or 5 fields. 
> Probably current grades for Reading, Writing, Maths  and Science along 
> with the number of days absence during the previous term.
> 
> I could get all this data from Excel and output it in a simple text file.
> 
> How easy do you think this would be to do?  Are there any simple 
> solutions out there I could use? (Preferably free ones!)
> 
> Steve

Woe-hoe there! You ain't half getting into data security, regulation, 
and child protection issues with all this. Might I suggest that you 
contact your LEA or what ever it's called these days for advice - if 
needs be ask the head teacher/governors to it, you are getting 
yourself in a mine field...

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

Jerry wrote:
> Man_Mountain wrote:
>> Hello again,
>>
>> I have another question regarding the school website I am currently 
>> rebuilding.
>>
>> I'd like to have a page where parents can look up the most recent 
>> information about their child.
>>
>> I'd like them to be able to type in the child's name (or even choose 
>> it from a drop down list) and then input a password.
>> Hopefully, then the page would show information on 4 or 5 fields. 
>> Probably current grades for Reading, Writing, Maths  and Science along 
>> with the number of days absence during the previous term.
>>
>> I could get all this data from Excel and output it in a simple text file.
>>
>> How easy do you think this would be to do?  Are there any simple 
>> solutions out there I could use? (Preferably free ones!)
>>
>> Steve
> 
> Woe-hoe there! You ain't half getting into data security, regulation, 
> and child protection issues with all this. Might I suggest that you 
> contact your LEA or what ever it's called these days for advice - if 
> needs be ask the head teacher/governors to it, you are getting yourself 
> in a mine field...
> 
I don't think so.
We have a government target of being able to provide this information to 
parents online in the next coupleof years.
The data would be hosted on our secure web server and, as I say, 
password protected with an different password for each child.  The kids 
all know each others grades anway and I can't see how making this 
available to their parents online woulde any different o me showing them 
the markbook.

Steve

Man_Mountain wrote:
> Jerry wrote:
>> Man_Mountain wrote:
>>> Hello again,
>>>
>>> I have another question regarding the school website I am currently 
>>> rebuilding.
>>>
>>> I'd like to have a page where parents can look up the most recent 
>>> information about their child.
>>>
>>> I'd like them to be able to type in the child's name (or even choose 
>>> it from a drop down list) and then input a password.
>>> Hopefully, then the page would show information on 4 or 5 fields. 
>>> Probably current grades for Reading, Writing, Maths  and Science 
>>> along with the number of days absence during the previous term.
>>>
>>> I could get all this data from Excel and output it in a simple text 
>>> file.
>>>
>>> How easy do you think this would be to do?  Are there any simple 
>>> solutions out there I could use? (Preferably free ones!)
>>>
>>> Steve
>>
>> Woe-hoe there! You ain't half getting into data security, regulation, 
>> and child protection issues with all this. Might I suggest that you 
>> contact your LEA or what ever it's called these days for advice - if 
>> needs be ask the head teacher/governors to it, you are getting 
>> yourself in a mine field...
>>
> I don't think so.

Don't *think* or *know* so?

> We have a government target of being able to provide this information to 
> parents online in the next coupleof years.

Your point being what, just because there is a target date, or even 
deadline, it doesn't matter what or how it done?

> The data would be hosted on our secure web server and, as I say, 
> password protected with an different password for each child.  The kids 
> all know each others grades anway and I can't see how making this 
> available to their parents online woulde any different o me showing them 
> the markbook.
> 

It's still personal data (made worse by the fact that it's children's 
data), you NEED to comply with the relevant data protection laws. If 
you find out what is required then you have covered your own a*se 
should anything go wrong.

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

"Man_Mountain"  wrote in message 
news:49CE63AC.4040104@ploppy.net...
> Jerry wrote:
>> Man_Mountain wrote:
>>> Hello again,
>>>
>>> I have another question regarding the school website I am currently 
>>> rebuilding.
>>>
>>> I'd like to have a page where parents can look up the most recent 
>>> information about their child.
>>>
>>> I'd like them to be able to type in the child's name (or even choose it 
>>> from a drop down list) and then input a password.
>>> Hopefully, then the page would show information on 4 or 5 fields. 
>>> Probably current grades for Reading, Writing, Maths  and Science along 
>>> with the number of days absence during the previous term.
>>>
>>> I could get all this data from Excel and output it in a simple text 
>>> file.
>>>
>>> How easy do you think this would be to do?  Are there any simple 
>>> solutions out there I could use? (Preferably free ones!)
>>>
>>> Steve
>>
>> Woe-hoe there! You ain't half getting into data security, regulation, and 
>> child protection issues with all this. Might I suggest that you contact 
>> your LEA or what ever it's called these days for advice - if needs be ask 
>> the head teacher/governors to it, you are getting yourself in a mine 
>> field...
>>
> I don't think so.
> We have a government target of being able to provide this information to 
> parents online in the next coupleof years.
> The data would be hosted on our secure web server and, as I say, password 
> protected with an different password for each child.  The kids all know 
> each others grades anway and I can't see how making this available to 
> their parents online woulde any different o me showing them the markbook.
>
> Steve

Perhaps you should work out the basics of web design and law before you 
start this. I hope this has nothing to do with my kids.

Still, nice insight in to government IT projects. Explains a lot.

AC

On Sat, 28 Mar 2009 17:02:31 +0000, Man_Mountain 
wrote:


>
>I'd like to have a page where parents can look up the most recent 
>information about their child.

This is a matter way above your pay-grade, *whatever* that is.  It's
above the pay-grade of the head and Governors.  

As others have said this is a minefield no bomb disposal expert would
even think of going near.  

If this lunatic idea does go forward, then I suspect eventually you'll
be reading a 4" thick manual concerning child protection, data
protection yadda yadda bing bang boom that the LEA will have to issue,
and attend a series of training courses, tick many boxes, sign many
forms, give up because it's all WAY too stupid an idea anyway to even
dream of having this sort of data accessible over t'internet.  

There are simply too many issues and too many layers of complexity to
address in here.

Just a simple question of who qualifies for access to the data begins
to expose the complexity of the issues: both parents?  And how will
YOU know that one of those parents has been restricted to having only
supervised access to the child - how will YOU revoke their security
access to information they are no longer entitled to have?  What about
children in care - whcih people qualify as "parents" in those
circumstances - how will YOU know when they leave their post to revoke
their security access? What about the child's OWN right to privacy? 

No, I'm afraid you haven't  even begun to comprehend the scope of what
you are thinking of.  Sorry to pour weedkiller on that particular
patch of roses.

On Sat, 28 Mar 2009 17:51:40 +0000, Man_Mountain
 wrote:

> The kids 
>all know each others grades anway and I can't see how making this 
>available to their parents online woulde any different o me showing them 
>the markbook.
Because you can't see how does not mean there is not a myriad of
reasons making it wrong.  Is your last name "Shoesmith" by any chance?
Or is this your GCSE homework project?

Sorry, that was unnecessary, but I am virtually -  although clearly
not literally - speechless. 

These are far from trivial matters where "not being able to see a
problem" is far from being "master of your brief".  

Might I suggest putting your shovel down now?

spam.goes.here2@ntlworld.com wrote:
> On Sat, 28 Mar 2009 17:02:31 +0000, Man_Mountain 
> wrote:
> 
> 
>> I'd like to have a page where parents can look up the most recent 
>> information about their child.
> 
<snip>
> 
> Just a simple question of who qualifies for access to the data begins
> to expose the complexity of the issues: both parents?  And how will
> YOU know that one of those parents has been restricted to having only
> supervised access to the child - how will YOU revoke their security
> access to information they are no longer entitled to have?  What about
> children in care - whcih people qualify as "parents" in those
> circumstances - how will YOU know when they leave their post to revoke
> their security access? What about the child's OWN right to privacy? 
> 

Can you imagine the implications of contact details being (even 
accidentally) included in these 'benign' documents and those details 
happen to be about a child where one parent has had contact removed 
due to abuse (against spouse or child), never mind the local want-a-be 
paedophile looking to hook up with a nice single mother...

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

In article <MKszl.171502$Ii4.86953@newsfe19.ams2>,
 Man_Mountain  wrote:

> Hello again,
> 
> I have another question regarding the school website I am currently 
> rebuilding.
> 
> I'd like to have a page where parents can look up the most recent 
> information about their child.
> 
> I'd like them to be able to type in the child's name (or even choose it 
> from a drop down list) and then input a password.
> Hopefully, then the page would show information on 4 or 5 fields. 
> Probably current grades for Reading, Writing, Maths  and Science along 
> with the number of days absence during the previous term.
> 
> I could get all this data from Excel and output it in a simple text file.
> 
> How easy do you think this would be to do?  Are there any simple 
> solutions out there I could use? (Preferably free ones!)
> 

I notice you have had various rather hysterical replies. Before doing 
this, find out from the headmaster if it is OK, he will ask higher up 
the chain. They might allow a few of the details to be accessible under 
certain conditions. There may be a need for secure server facilities 
like with banks. 

As for the technical know how, try alt.php. I suggest you do not draw 
fire by stating the purpose, people all over the western world have 
become paranoid about kids, egged on by a hysterical popular media.

I'd hate to be a kid these days! I used to tear off on my bike with all 
my mates and we would play footy in the street and get up to every kind 
of lark. It was fun. Nowadays, imagine having parents like your recent 
respondents! I'd be gloomily sitting at home with nose pressed to the 
window.

-- 
dorayme

dorayme wrote:
<snip>
> 
> I notice you have had various rather hysterical replies. 

Not hysterical at all, at least not in our replies, we are just 
reflecting the state of the law, the 'compensation culture' in the UK 
these days and IT security concerns, not helped by this sort of thing 
happening;
http://news.bbc.co.uk/1/hi/uk_politics/7570611.stm

As has been pointed out, the OP is sleep walking into a data mine field...

Before doing
> this, find out from the headmaster if it is OK, he will ask higher up 
> the chain. 

Which is what I suggested doing to start with.

They might allow a few of the details to be accessible under
> certain conditions. There may be a need for secure server facilities 
> like with banks. 

It is possible, some schools do exactly what the OP wants (even down 
to having web-cams in classrooms), the point that was being made was 
that any of this is beyond well meaning amateurs, never mind even many 
professional web designers, as you say the security issues are on the 
par with banks etc.
-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

dorayme wrote:
> In article <MKszl.171502$Ii4.86953@newsfe19.ams2>,
>  Man_Mountain  wrote:
> 
>> Hello again,
>>
>> I have another question regarding the school website I am currently 
>> rebuilding.
>>
>> I'd like to have a page where parents can look up the most recent 
>> information about their child.
>>
>> I'd like them to be able to type in the child's name (or even choose it 
>> from a drop down list) and then input a password.
>> Hopefully, then the page would show information on 4 or 5 fields. 
>> Probably current grades for Reading, Writing, Maths  and Science along 
>> with the number of days absence during the previous term.
>>
>> I could get all this data from Excel and output it in a simple text file.
>>
>> How easy do you think this would be to do?  Are there any simple 
>> solutions out there I could use? (Preferably free ones!)
>>
> 
> I notice you have had various rather hysterical replies. Before doing 
> this, find out from the headmaster if it is OK, he will ask higher up 
> the chain. They might allow a few of the details to be accessible under 
> certain conditions. There may be a need for secure server facilities 
> like with banks. 
> 
> As for the technical know how, try alt.php. I suggest you do not draw 
> fire by stating the purpose, people all over the western world have 
> become paranoid about kids, egged on by a hysterical popular media.
> 
> I'd hate to be a kid these days! I used to tear off on my bike with all 
> my mates and we would play footy in the street and get up to every kind 
> of lark. It was fun. Nowadays, imagine having parents like your recent 
> respondents! I'd be gloomily sitting at home with nose pressed to the 
> window.
> 
I have been prompted to look into this because of targets and 
information given to me by the head.
Also, I am basing my personal ideas/targets on advice/ideas from BECTA.
I have to say I agree that these responses are rather hysterical.  No 
one other than the parents/guardians/whoever would be normally given the 
information verbally/in writing/scribbled on a notebook would be given 
the password to access the grades.


Will go elsewhere to find answers!

On Sun, 29 Mar 2009 07:43:57 +1100, dorayme
 wrote:

>
>I notice you have had various rather hysterical replies

It's  meta-hysteria really.  
>
>I'd hate to be a kid these days! I used to tear off on my bike with all 
>my mates and we would play footy in the street and get up to every kind 
>of lark. It was fun.

It was. I remember those days too. 

> Nowadays, imagine having parents like your recent 
>respondents! I'd be gloomily sitting at home with nose pressed to the 
>window.

I think you slightly miss a point perhaps not well made: the OP was
being cautioned to avoid entering a minefield.  I (and from what I
read the other posters in similar veins) would not have laid those
mines - but we do have maps showing where others have laid them, and
they have a habit of going "BOOM" very loudly even before you actually
tread on one.

Having said that, I do have very genuine concerns about protecting
privacy and rights of a child to protect  his/her own privacy.

On Sun, 29 Mar 2009 00:37:59 +0000, Man_Mountain
 wrote:






>I have to say I agree that these responses are rather hysterical.  

 "Not what I wanted to hear" <> hysteria

>Will go elsewhere to find answers!

You got answers here.  Not what you wanted to hear, but that doesn't
make them wrong. 

Unless you too are suffering from "hubristic disorder" you WILL listen
to the naysayers, at least sufficiently to understand why they say
what they say and come to an informed conclusion about the matter
based on a rounded understanding of the relevant legislation..  

Or not.  Good luck with the GCSEs.

spam.goes.here2@ntlworld.com wrote:
> On Sun, 29 Mar 2009 00:37:59 +0000, Man_Mountain
>  wrote:
> 
> 
> 
> 
> 
> 
>> I have to say I agree that these responses are rather hysterical.  
> 
>  "Not what I wanted to hear" <> hysteria
> 
>> Will go elsewhere to find answers!
> 
> You got answers here.  Not what you wanted to hear, but that doesn't
> make them wrong. 
> 
> Unless you too are suffering from "hubristic disorder" you WILL listen
> to the naysayers, at least sufficiently to understand why they say
> what they say and come to an informed conclusion about the matter
> based on a rounded understanding of the relevant legislation..  
> 
> Or not.  Good luck with the GCSEs.
Just for information, some documentation about the requirement/targets.

http://schools.becta.org.uk/index.php?section=oe&catcode=ss_es_fam_onrep_03&rid=14571

Man_Mountain wrote:
<snip>
> 
> 
> Will go elsewhere to find answers!

Bye-bye then, hope you eventually pass your SATS, oh and don't forget 
to pick all your toys up before mummy puts you back in your pram!

There is no one more blind than those who chose not to see...

Everyone who knows the UK laws has told you that you are in a 
mine-field of regulation, data protection and child protection issues, 
all people have done is to point that fact out and suggest that you 
obtain guidance - you choose to stamp your feet and throw a tantrum.

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

Man_Mountain wrote:
<snip>
> Just for information, some documentation about the requirement/targets.
> 
> http://schools.becta.org.uk/index.php?section=oe&catcode=ss_es_fam_onrep_03&rid=14571 
> 

Those appear to be documents about what you need to achieve, NOT how 
to achieve it, a subtle difference that you don't seem to understand.

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

On Sun, 29 Mar 2009 09:21:48 +0100, Jerry
<mapson.scarts@btinternet.com.INVALID> wrote:

>Man_Mountain wrote:
><snip>
>> 
>> 
>> Will go elsewhere to find answers!
>
>Bye-bye then, hope you eventually pass your SATS, 

If the desired-answer won't come to the Mountain, the Mountain will
find the desired-answer.

On Sat, 28 Mar 2009 17:51:40 +0000, Man_Mountain put finger to
keyboard and typed:

>Jerry wrote:

>> 
>> Woe-hoe there! You ain't half getting into data security, regulation, 
>> and child protection issues with all this. Might I suggest that you 
>> contact your LEA or what ever it's called these days for advice - if 
>> needs be ask the head teacher/governors to it, you are getting yourself 
>> in a mine field...
>> 
>I don't think so.
>We have a government target of being able to provide this information to 
>parents online in the next coupleof years.
>The data would be hosted on our secure web server and, as I say, 
>password protected with an different password for each child.  The kids 
>all know each others grades anway and I can't see how making this 
>available to their parents online woulde any different o me showing them 
>the markbook.

The issue is not about parents seeing their own children's data, it's
about the possibility of unrelated people being able to access it. If
your security fails, then you will be in very serious trouble and both
you and your employer may be prosecuted for the breach.

Putting school grade data onto the web in a form which is only
accessible by the child's parents or authorised guardians is a good
idea in itself; it's certainly possible and isn't too difficult a task
for a competent web programmer. But it is a task for a skilled
professional, not a beginner. Posting in this group to ask how to do
it is a bit like posting in a bus drivers group asking how easy it is
to drive a double decker bus as you want to take a bunch of kids on a
field trip - there's nothing wrong with the idea, but if you need to
ask the question then you're not qualified to do it yourself.

If you want to learn how to write secure web sites, then get yourself
a cheap hosting package and practise writing them for your own use
first. Then, when you're confident that you're familar with both the
necessary techniques and the pitfalls, you might be in a position to
offer those skills to your employer. But, at the moment, you're
nowhere near that.

Mark
-- 
Blog: http://mark.goodge.co.uk
Stuff: http://www.good-stuff.co.uk

On Sun, 29 Mar 2009 08:44:26 +0100, Man_Mountain put finger to
keyboard and typed:

>Just for information, some documentation about the requirement/targets.
>
>http://schools.becta.org.uk/index.php?section=oe&catcode=ss_es_fam_onrep_03&rid=14571

That's fair enough, and there's enough detail there for a professional
programmer to work up a specification and quote for the necessary
work. And that should be your next step: to contact some professionals
and get them to offer some opinions and ballpark quotes. You might
even find that your LEA has some preferred contractors who can do it
for you at a block rate. What you don't do is try to do it yourself
without any previous experience of such work.

After all, if you'd been sent similar guidelines for providing
suitably nutritious school dinners to pupils, would you be posting
questions in uk.food+drink asking for suitable recipes, or would you
be on the phone to your caterers?

Mark
-- 
Blog: http://mark.goodge.co.uk
Stuff: http://www.good-stuff.co.uk

Message-ID: 
from Mark Goodge contained the following:

>The issue is not about parents seeing their own children's data, it's
>about the possibility of unrelated people being able to access it. If
>your security fails, then you will be in very serious trouble and both
>you and your employer may be prosecuted for the breach.
>

At last a note of reason instead of the usual knee-jerk personal data
reaction. But lets retain a sense of perspective.  The law requires such
personal data to be kept secure.  As far as I can see, as long as
reasonable steps are taken then I can't see that a prosecution could
ensue.  These aren't state secrets, they are little Johnny's exam
results. 

>Putting school grade data onto the web in a form which is only
>accessible by the child's parents or authorised guardians is a good
>idea in itself; it's certainly possible and isn't too difficult a task
>for a competent web programmer. But it is a task for a skilled
>professional, not a beginner. Posting in this group to ask how to do
>it is a bit like posting in a bus drivers group asking how easy it is
>to drive a double decker bus as you want to take a bunch of kids on a
>field trip - there's nothing wrong with the idea, but if you need to
>ask the question then you're not qualified to do it yourself.

I've only had a quick look but the BECTA site is full of the usual
weasely qwango bullshit.  Even their 'toolkit' doesn't contain anything
that remotely looks like a tool to me - just more verbal garbage.  I
couldn't, at first glance, see a specification for the security of the
system, but there are a lot of documents - it may be there somewhere.

But they are basically right - encouraging more involvement between
parents and schools is a great idea.  But what's the betting that there
is no money to make it happen?  It's going to come down to teachers
again and multiple instances of a wheel being re-invented.

Terrific idea for an open source project though, don't you think?
-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk

On Sun, 29 Mar 2009 17:53:21 +0100, Geoff Berrow put finger to
keyboard and typed:

>Message-ID: 
>from Mark Goodge contained the following:
>
>>The issue is not about parents seeing their own children's data, it's
>>about the possibility of unrelated people being able to access it. If
>>your security fails, then you will be in very serious trouble and both
>>you and your employer may be prosecuted for the breach.
>>
>
>At last a note of reason instead of the usual knee-jerk personal data
>reaction. But lets retain a sense of perspective.  The law requires such
>personal data to be kept secure.  As far as I can see, as long as
>reasonable steps are taken then I can't see that a prosecution could
>ensue.  These aren't state secrets, they are little Johnny's exam
>results. 

The key there is the word "reasonable". I don't think that a court
would look favourably on a secure website being created by someone who
clearly lacked the skill to do it properly. And the other problem is
that not everyone will have a sense of perspective. If the data does
leak, then hysteria among the TOTC brigade will almost inevitably
ensue. A school can't stop parents from behaving irrationally if they
think that their little darlings might possibly be exposed to the
predations of hacker paedophiles, but it can at least ensure that the
school's backside is covered should any complaints be made. I'm no
great fan of bureaucracy, as a general rule, but sometimes there can
be a great deal of benefit in having procedures and making sure they
are stuck to.

>>Putting school grade data onto the web in a form which is only
>>accessible by the child's parents or authorised guardians is a good
>>idea in itself; it's certainly possible and isn't too difficult a task
>>for a competent web programmer. But it is a task for a skilled
>>professional, not a beginner. Posting in this group to ask how to do
>>it is a bit like posting in a bus drivers group asking how easy it is
>>to drive a double decker bus as you want to take a bunch of kids on a
>>field trip - there's nothing wrong with the idea, but if you need to
>>ask the question then you're not qualified to do it yourself.
>
>I've only had a quick look but the BECTA site is full of the usual
>weasely qwango bullshit.  Even their 'toolkit' doesn't contain anything
>that remotely looks like a tool to me - just more verbal garbage.  I
>couldn't, at first glance, see a specification for the security of the
>system, but there are a lot of documents - it may be there somewhere.
>
>But they are basically right - encouraging more involvement between
>parents and schools is a great idea.  But what's the betting that there
>is no money to make it happen?  It's going to come down to teachers
>again and multiple instances of a wheel being re-invented.
>
>Terrific idea for an open source project though, don't you think?

Quite possibly, although the chances of the educational sector
accepting anything pen source seems to me to be pretty minimal, based
on my own (admittedly limited) experience of the system.

Mark
-- 
Blog: http://mark.goodge.co.uk
Stuff: http://www.good-stuff.co.uk

On Sun, 29 Mar 2009 17:53:21 +0100, Geoff Berrow
 wrote:

>Message-ID: 
>from Mark Goodge contained the following:
>
>>The issue is not about parents seeing their own children's data, it's
>>about the possibility of unrelated people being able to access it. If
>>your security fails, then you will be in very serious trouble and both
>>you and your employer may be prosecuted for the breach.
>>
Actually it's not about unNRELATED people being able to see it, it is
about 'unENTITLED' being able to see it: that might, sadly, include
one or both parents. A parent's entitlement might be lost, and the OP
would have to have a means of keeping up to date with that, and that
means simply doesn't exist - because those matters are confidential.
Kafkaesque Catch 22?  Yes, but that's the mess we have got ourselves
into.  

If you've ever had the misfortune to have to become involved in the
ordure that is the Child Protection legislation you would be aghast to
know that records have to be kept  - naming those involved in reported
suspicious behavior even where the informant is anonymous or even
possibly malicious.   The 'surveillance society' is not just about
CCTV and ID cards! 
>
>At last a note of reason instead of the usual knee-jerk personal data
>reaction. But lets retain a sense of perspective.  The law requires such
>personal data to be kept secure.  As far as I can see, as long as
>reasonable steps are taken then I can't see that a prosecution could
>ensue.  These aren't state secrets, they are little Johnny's exam
>results. 
I'm not sure "reasonable efforts" is an adequate defence, I think the
law confers absolute rights on data subjects.  Even 'best endeavours'
(which has a specific meaning in a legal context, and is quite
exacting)  is not a defence if a person's absolute right has been
abused.

On Sun, 29 Mar 2009 18:25:15 +0100, Mark Goodge
 wrote:

>then hysteria among the TOTC brigade will almost inevitably
>ensue.

TOTC? Unfamiliar acronym, probably blindingly obvious, but it's got me
beat ....

Oh .. you forgot to mention the rubbing of gleeful hands amongst the
lawyers to be appointed for prosecution and defence .... both paid for
out of taxpayers' money!   

Who'd vote for THAT crazy idea - who got asked?

On Sun, 29 Mar 2009 17:53:21 +0100, Geoff Berrow
 wrote:


>
>But they are basically right - encouraging more involvement between
>parents and schools is a great idea.  But what's the betting that there
>is no money to make it happen?  

I think it's fantastic that every parent will be given access to
t'internet in their own homes to be able to interface to little
Johnny's attendance and performance records in this 21st century
manner!  Wow, what an enlightened society we are - and I guess the
credit crunch IS coming to an end after all. 

They won't be?  What?  Eh? Oh.

So the poorer amongst us will still have to schlep along to the
Parent's Evening to find out Johnny's been bunking off all term
because the school didn't realise state benefits don't stretch to a PC
and broadband? 

Of course increasing involvment between aprents/kids/scools and
teachers IS a good idea: but is THIS the way to do it?  Dont we have
some regrets about the loss of face-to-face engagement that t'internet
allowes these days?   Is this a more to be "Oh look: a tool!  How can
we use it?" rather than "Ah: a problem - what's the best tool to solve
it?"

Probably a better idea would be to stick a webcam in each classroom so
Johnny's mum  can see what an absolute monster little Johnny is in
double Latin.   I know I was.

On Sun, 29 Mar 2009 18:31:26 +0100, spam.goes.here2@ntlworld.com put
finger to keyboard and typed:

>On Sun, 29 Mar 2009 18:25:15 +0100, Mark Goodge
> wrote:
>
>>then hysteria among the TOTC brigade will almost inevitably
>>ensue.
>
>TOTC? Unfamiliar acronym, probably blindingly obvious, but it's got me
>beat ....

"Think Of The Children". In common parlance usually preceded by "Won't
somebody".

Mark
-- 
Blog: http://mark.goodge.co.uk
Stuff: http://www.good-stuff.co.uk

Mark Goodge wrote:
> On Sun, 29 Mar 2009 18:31:26 +0100, spam.goes.here2@ntlworld.com put
> finger to keyboard and typed:
> 
<snip>
>> TOTC? Unfamiliar acronym, probably blindingly obvious, but it's got me
>> beat ....
> 
> "Think Of The Children". In common parlance usually preceded by "Won't
> somebody".
> 

Goes along side all the WATC [1] concerns when someone doesn't want 
something or other...

[1] "What About The Children"
-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

Mark Goodge wrote:
<snip>
> 
> After all, if you'd been sent similar guidelines for providing
> suitably nutritious school dinners to pupils, would you be posting
> questions in uk.food+drink asking for suitable recipes, or would you
> be on the phone to your caterers?
> 

Even if the OP was asking for suitable recipes in uk.food+drink it 
would be one thing but to have asked a couple of thread up how to boil 
an egg wouldn't inspire must confidence that the person asking had the 
required skills to be a safe cook...


-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

spam.goes.here2@ntlworld.com writes:

> On Sun, 29 Mar 2009 17:53:21 +0100, Geoff Berrow
>  wrote:
>
>>Message-ID: 
>>from Mark Goodge contained the following:
>>
>>>The issue is not about parents seeing their own children's data, it's
>>>about the possibility of unrelated people being able to access it. If
>>>your security fails, then you will be in very serious trouble and both
>>>you and your employer may be prosecuted for the breach.
>>>
> Actually it's not about unNRELATED people being able to see it, it is
> about 'unENTITLED' being able to see it: that might, sadly, include
> one or both parents. A parent's entitlement might be lost, and the OP
> would have to have a means of keeping up to date with that, and that
> means simply doesn't exist - because those matters are confidential.
> Kafkaesque Catch 22?  Yes, but that's the mess we have got ourselves
> into.  

I was going to stay out of this, but that seems to me either wrong or
irrelevant (I am not sure which).  If a parent losses access (a rare
event I suspect) the other parent will be all over the head teacher
waving court orders and the like about.  I.e. the school will know.
If this does not happen, then the school will simply continue to do
online what it will have to do in person -- permit access to the
data -- and it is hard to see how anyone can fault the school much
less the web programmer.

> If you've ever had the misfortune to have to become involved in the
> ordure that is the Child Protection legislation you would be aghast to
> know that records have to be kept  - naming those involved in reported
> suspicious behavior even where the informant is anonymous or even
> possibly malicious.   The 'surveillance society' is not just about
> CCTV and ID cards! 

Having looked at the referenced documents, all matters of child
protection are explicitly covered by very much more stringent access
methods.  So much so that I doubt schools will bother with
implementing them (providing what they call IL4 data seems to be
optional).

>>At last a note of reason instead of the usual knee-jerk personal data
>>reaction. But lets retain a sense of perspective.  The law requires such
>>personal data to be kept secure.  As far as I can see, as long as
>>reasonable steps are taken then I can't see that a prosecution could
>>ensue.  These aren't state secrets, they are little Johnny's exam
>>results. 
> I'm not sure "reasonable efforts" is an adequate defence, I think the
> law confers absolute rights on data subjects.  Even 'best endeavours'
> (which has a specific meaning in a legal context, and is quite
> exacting)  is not a defence if a person's absolute right has been
> abused. 

I think following the procedures outlined -- derived by BECTA
consulting with the information commissioners office -- would enable
anyone to say that they had done what was expected under the law.  For
most of the data, the requirements are not that onerous.

However, I am not going to say "go for it!" without a warning.  I
suspect (though IANAL) that being "suitably qualified" might be
significant.  The school might be in trouble if their best efforts did
not include ensuring that the people they get to do all this are
competent.  Of course, you (the OP), may very well be competent -- I
don't want to cast an aspersions, but both parties should think about
this.

-- 
Ben.

On Mon, 30 Mar 2009 01:42:42 +0100, Ben Bacarisse
 wrote:


>I was going to stay out of this, but that seems to me either wrong or
>irrelevant (I am not sure which).  If a parent losses access (a rare
>event I suspect)
It's the RARE events which cause the most problems - especially if
they aren't even thought about in advance of sitting in front of a
keyboard

> the other parent will be all over the head teacher
>waving court orders and the like about.  I.e. the school will know.
They may do, they may not do.  It's not good practice to build YOUR
security around what someone ELSE might d or might not do.  This is,
however, but one example: there is a myriad of other examples where
such a rudimentary system with insufficient security procedures (not
just secure IT systems) will fail. ESPECIALLY if the design
specification includes finding and using "a simple, easy, secure and
cheap database solution".

>If this does not happen, then the school will simply continue to do
>online what it will have to do in person -- permit access to the
>data -- and it is hard to see how anyone can fault the school much
>less the web programmer.
Because the school IS responsible in law for ensuring that only
someone entitled to access to data actually has it. And that's what
this is all about: not the method by which an ENTITLED or permitted
person receives the data, but the procedures used to ensure that only
an entitled/permitted  person receives the data. 

I couldn't fault a programmer for anything except sloppy code.   But
it seemed the OP was merging the role of business analyst and
programmer. I CAN fault a business analyst who refuses to acquaint
himself with laws covering the domain in which he needs to become in
expert. 
>
>> If you've ever had the misfortune to have to become involved in the
>> ordure that is the Child Protection legislation you would be aghast to
>> know that records have to be kept  - naming those involved in reported
>> suspicious behavior even where the informant is anonymous or even
>> possibly malicious.   The 'surveillance society' is not just about
>> CCTV and ID cards! 
>
>Having looked at the referenced documents, all matters of child
>protection are explicitly covered by very much more stringent access
>methods.  So much so that I doubt schools will bother with
>implementing them (providing what they call IL4 data seems to be
>optional).
If that's the case, then you are - thankfully - probably right.  It
does seem that the OP and the OP's headmaster had NOT read the
documents as thoroughly as you had!  I haven't read them at all: I
haven't needed to, as my issue is NOT about what THEY contain but
about how much the OP (and by extension the OP's headmaster) seemed to
have understood them. 

This is all that the brouhaha is about: the OP simply appeared not to 
have  understood the issues and was not listening to those who were
attempting to alert him to them.   

No-one (as far as I can see) has actually said they AGREE with the
pernickitiness of  the legislation (I don't, although I do have issues
with cavalier attitudes to personal data) , but that has really never
been the issue.  

The issue has been the OPs ignorance of the law (excusable) and
apparent lack of inclination to take advice on matters unfamiliar to
him (quite inexcusable).   

I hope he will read what YOU have said about the detail in the
documentation  and explain to the headmaster how a "a simple, easy,
secure and cheap database solution" is unlikely to be the necessary or
sufficient  approach.

Unfortunately if he's gone elsewhere to get the answers he thinks he
wants, he's wasting his time, and taxpayers' money.  Unless, as I
suspect, this is a pet (or precocious) student being given a project
to do for coursework.  In which case, maybe this discussion could be
as valid a learning experience for him as 'cutting the code'.  

Except I don't think he's listening ...

Message-ID:  from
spam.goes.here2@ntlworld.com contained the following:

>I hope he will read what YOU have said about the detail in the
>documentation  and explain to the headmaster how a "a simple, easy,
>secure and cheap database solution" is unlikely to be the necessary or
>sufficient  approach.


I don't see why, in principle, "a simple, easy,secure and cheap database
solution" can't be found. 

Why don't you cut the hyperbole and address some of the issues?

Exactly what level of security do you think is necessary to protect
little Johnny's internal exam results and why do you think this would be
beyond the capabilities of a competent ICT teacher?

-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk

On Mon, 30 Mar 2009 08:00:45 +0100, Geoff Berrow
 wrote:

>Message-ID:  from
>spam.goes.here2@ntlworld.com contained the following:
>
>>I hope he will read what YOU have said about the detail in the
>>documentation  and explain to the headmaster how a "a simple, easy,
>>secure and cheap database solution" is unlikely to be the necessary or
>>sufficient  approach.
>
>
>I don't see why, in principle, "a simple, easy,secure and cheap database
>solution" can't be found. 

I think those four things are mutually exclusive: I may well be wrong,
but I haven't noticed anyone post a suggested 'package'. The issue
however, is NOT whether such a package exists, but the OP's wilful
ignorance of the domain. .
>
>Why don't you cut the hyperbole and address some of the issues?
The OP isn't interested in addressing the issues.  The issue is
simple, yet complex: ensuring that an individual's privacy is
protected and personal data is available only to those entitled to
view it.  Even the banks, HMRC (?)   and the MOD can't do that. 

>Exactly what level of security do you think is necessary to protect
>little Johnny's internal exam results and why do you think this would be
>beyond the capabilities of a competent ICT teacher?

It may not be: it depends whether the "competent ICT teacher"
understands - or is willing to understand - the broader non-ICT
issues. ICT is not an island unto itself.   The OP did not appear to
be either competent or an ICT teacher.

In article ,
 spam.goes.here2@ntlworld.com wrote:

> The issue
> however, is NOT whether such a package exists, but the OP's wilful
> ignorance of the domain. .

Wilful ignorance eh? Would you please just stop bashing the OP up. He is 
a guy who asked a few questions. Leave him be... Some of you usenet guys 
seems to have a real problem letting go. Go and see a movie or 
something.

-- 
dorayme

On Mon, 30 Mar 2009 08:00:45 +0100, Geoff Berrow put finger to
keyboard and typed:

>Message-ID:  from
>spam.goes.here2@ntlworld.com contained the following:
>
>>I hope he will read what YOU have said about the detail in the
>>documentation  and explain to the headmaster how a "a simple, easy,
>>secure and cheap database solution" is unlikely to be the necessary or
>>sufficient  approach.
>
>
>I don't see why, in principle, "a simple, easy,secure and cheap database
>solution" can't be found. 

Simple, easy and secure are certainly possible. The issue is likely to
be cost. As I said earlier, this is a fairly simple task for an
experienced web programmer. But experienced web programmers don't come
cheap, and trying to do it in-house without the necessary levels of
experience will almost certainly be a false economy.

>Why don't you cut the hyperbole and address some of the issues?
>
>Exactly what level of security do you think is necessary to protect
>little Johnny's internal exam results and why do you think this would be
>beyond the capabilities of a competent ICT teacher?

A secure website with individually assigned logins to all authorised
users (parents and guardians) would be sufficient, from a web security
point of view. But that's the easy bit. The hard part is managing the
authorisation database and ensuring that only those who have the right
to access the data do, in fact, have access to it. For example, these
are some of the pitfalls that would need to be guarded against:

* The administrator may accidentally assign access for one child to
those authorised to view a different child's data.

* Access may not be revoked quickly enough if a previously authorised
person loses authorisation (eg, in the case of a messy divorce
followed by court orders regarding access to a child).

* Legitimate users may be careless with their usernames and/or
passwords and thus grant access to others.

* The login system may be cracked and unauthorised access gained to
the data.

* Authorised users may not always log out, and hence give access to
other people who subsequently use the same PC.

* Programming errors may cause access to be inadvertantly granted to
unauthorised users (what if two children share the same name?).

* The underlying database may be insecure and accessible from methods
other than the website.

That's all I can think of right now, off the top of my head. There are
almost certainly more. Some of these are trivial to solve, others
require more thought. I would expect an experienced web programmer to
think of them, and allow for them. I would not necessarily expect an
ICT teacher to do so, since that's not what they're trained to do.
Indeed, the OP's original suggestion would fail to account for all of
these, and would immediately break on one of them.

Mark
-- 
Blog: http://mark.goodge.co.uk
Stuff: http://www.good-stuff.co.uk

On Mon, 30 Mar 2009 20:01:06 +1100, dorayme
 wrote:

>In article ,
> spam.goes.here2@ntlworld.com wrote:
>
>> The issue
>> however, is NOT whether such a package exists, but the OP's wilful
>> ignorance of the domain. .
>
>Wilful ignorance eh? Would you please just stop bashing the OP up. He is 
>a guy who asked a few questions. Leave him be... Some of you usenet guys 
>seems to have a real problem letting go. Go and see a movie or 
>something.
Your point has some validity in terms of banging-on about it, but the
OP *was* disinclined to receive information he did not want to have
that makes ignorance (in the sense of lack of knowledge) wilful (in
the sense of consciously done). 

The banging-on is - from my part at least - because I think some
posters have strayed away from what I see as the main issue: the OP
was blindly entering a minefield, and didn't want to borrow our maps. 
Why should we insist he borrow our maps? Schools are funded from the
taxes we pay - I have a legitimate interest in how they spend my
money.

In article ,
 spam.goes.here2@ntlworld.com wrote:

> Your point has some validity in terms of banging-on about it

I can recommend a number of films. You would like Clint Eastwood's new 
movie, Gran Torino. I did. When you have seen this, I will reveal others 
that are good. <g>

-- 
dorayme

Ben Bacarisse wrote:
<snip>
> 
> I was going to stay out of this, but that seems to me either wrong or
> irrelevant (I am not sure which).  If a parent losses access (a rare
> event I suspect) the other parent will be all over the head teacher
> waving court orders and the like about.  I.e. the school will know.
> If this does not happen, then the school will simply continue to do
> online what it will have to do in person -- permit access to the
> data -- and it is hard to see how anyone can fault the school much
> less the web programmer.

Very true BUT the school needs to have the right data management 
programs in place - simple when a letter is being sent to the child's 
registered home address, either via the child or by the postal 
service, something quite different is needed when someone on the other 
side of the country never mind world could get access via any online 
system.

<snip>
> 
> Having looked at the referenced documents, all matters of child
> protection are explicitly covered by very much more stringent access
> methods.  So much so that I doubt schools will bother with
> implementing them (providing what they call IL4 data seems to be
> optional).

Telling us what is required is one thing knowing how to do it is 
another and this is what the thread is about - read the subject line, 
it's not asking IF it's possible but how can it be implemented. ie. 
can't someone telling of a suitable solution.

<snip>
> 
> However, I am not going to say "go for it!" without a warning.  I
> suspect (though IANAL) that being "suitably qualified" might be
> significant.  The school might be in trouble if their best efforts did
> not include ensuring that the people they get to do all this are
> competent.  Of course, you (the OP), may very well be competent -- I
> don't want to cast an aspersions, but both parties should think about
> this.
> 

Which is all that anyone has been saying, indeed in my own first reply 
all I did was say more or less what you have above - unfortunately the 
OP seems to have stamped his feet, thrown his toys about and then 
stomped out of the room when he didn't get the replies he liked...
-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

Message-ID: <gqq3q2$k3g$1@news.motzarella.org> from Jerry contained the
following:

>Which is all that anyone has been saying, indeed in my own first reply 
>all I did was say more or less what you have above - unfortunately the 
>OP seems to have stamped his feet, thrown his toys about and then 
>stomped out of the room when he didn't get the replies he liked...

I think you have misspelled 'set upon by the rabid crowd'.
-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk

On Mon, 30 Mar 2009 10:35:54 +0100, Jerry
<mapson.scarts@btinternet.com.INVALID> wrote:


>
>Which is all that anyone has been saying, indeed in my own first reply 
>all I did was say more or less what you have above

Indeed you did.  It is still apparently true that Usenet is a
write-only medium for some ....

spam.goes.here2@ntlworld.com wrote:
<snip>
> 
> The banging-on is - from my part at least - because I think some
> posters have strayed away from what I see as the main issue: the OP
> was blindly entering a minefield, and didn't want to borrow our maps. 
> Why should we insist he borrow our maps? Schools are funded from the
> taxes we pay - I have a legitimate interest in how they spend my
> money.

What is more, as we don't actually know which school this is, you 
never know if one of our own little darlings, or one related to us, 
will potentiality have their private data accessible to anyone anywhere!

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

dorayme wrote:
> In article ,
>  spam.goes.here2@ntlworld.com wrote:
> 
>> Your point has some validity in terms of banging-on about it
> 
> I can recommend a number of films. You would like Clint Eastwood's new 
> movie, Gran Torino. I did. When you have seen this, I will reveal others 
> that are good. <g>
> 

Your comment actually displays a lot of what is wrong in the UK (and 
no doubt elsewhere in the world) these days, no one is interested in 
details any more, it;s all about easy, simplicity and 'having a good 
time' - one only has to look at the wireless networking adverts, yeah, 
it's great being at the bottom of the garden working on a lap-top on a 
summers day but do any of the adverts show the bloke sitting in his 
car out front parked on the public road 'hacking' into the self same 
wireless network, my a*se do they! As others have pointed out, the OP 
was either ignorant or wilfully ignoring important security issues, 
much in the same way that  the wireless networking adverts do

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

Geoff Berrow wrote:
> Message-ID: <gqq3q2$k3g$1@news.motzarella.org> from Jerry contained the
> following:
> 
>> Which is all that anyone has been saying, indeed in my own first reply 
>> all I did was say more or less what you have above - unfortunately the 
>> OP seems to have stamped his feet, thrown his toys about and then 
>> stomped out of the room when he didn't get the replies he liked...
> 
> I think you have misspelled 'set upon by the rabid crowd'.

Not at all, he was told what he needed to know, no one has ever been 
killed by crystal clear 'directness' many people have (literally, 
never mind metaphorically) been killed by walking into a minefield 
were the warning hasn't been loud, clear and precise...

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

In article <gqq4gk$pks$1@news.motzarella.org>,
 Jerry <mapson.scarts@btinternet.com.INVALID> wrote:

> 
> What is more, as we don't actually know which school this is, 

Thank The Good Lord you don't, I imagine a psychopathic 
kidnapper/killer/pedophile would be less trouble that some of you usenet 
guys to the school concerned. <g>

-- 
dorayme

Message-ID: <gqq5mt$29n$1@news.motzarella.org> from Jerry contained the
following:

>>> Which is all that anyone has been saying, indeed in my own first reply 
>>> all I did was say more or less what you have above - unfortunately the 
>>> OP seems to have stamped his feet, thrown his toys about and then 
>>> stomped out of the room when he didn't get the replies he liked...
>> 
>> I think you have misspelled 'set upon by the rabid crowd'.
>
>Not at all, he was told what he needed to know, no one has ever been 
>killed by crystal clear 'directness' many people have (literally, 
>never mind metaphorically) been killed by walking into a minefield 
>were the warning hasn't been loud, clear and precise...

Can't disagree, but my point is that many posters seem to be trying to
second guess what the OP wants to do.  I /did/ take the trouble to find
out and the information he wishes to share is not particularly sensitive
and does not require anything like the level of security being
suggested.  

Instead of trying to find out exactly what the OP wanted to achieve, the
OP has been hounded out, potentially causing more harm than good.

I hope you are happy.
-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk

dorayme wrote:
> In article <gqq4gk$pks$1@news.motzarella.org>,
>  Jerry <mapson.scarts@btinternet.com.INVALID> wrote:
> 
>> What is more, as we don't actually know which school this is, 
> 
> Thank The Good Lord you don't, I imagine a psychopathic 
> kidnapper/killer/pedophile would be less trouble that some of you usenet 
> guys to the school concerned. <g>
> 

At least we would only be assaulting the insecure school IT server, 
rather than the insecure children...

-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

Message-ID: 
from Mark Goodge contained the following:

>That's all I can think of right now, off the top of my head. There are
>almost certainly more. Some of these are trivial to solve, others
>require more thought. I would expect an experienced web programmer to
>think of them, and allow for them. I would not necessarily expect an
>ICT teacher to do so, since that's not what they're trained to do.
>Indeed, the OP's original suggestion would fail to account for all of
>these, and would immediately break on one of them.

Well an experienced ICT teacher would be more familiar than most with
the DPA for a start as it's in the curriculum.

How secure would be the following?

A telephone call
A letter in the post
A letter sent home with the child
A poster on a school noticeboard

I can see some or all of the information being available by one or more
of these means.

There can be different levels of security depending on the sensitivity
of the data.


-- 
Geoff Berrow  0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk

In article <gqq67k$41e$1@news.motzarella.org>,
 Jerry <mapson.scarts@btinternet.com.INVALID> wrote:

> dorayme wrote:
> > In article <gqq4gk$pks$1@news.motzarella.org>,
> >  Jerry <mapson.scarts@btinternet.com.INVALID> wrote:
> > 
> >> What is more, as we don't actually know which school this is, 
> > 
> > Thank The Good Lord you don't, I imagine a psychopathic 
> > kidnapper/killer/pedophile would be less trouble that some of you usenet 
> > guys to the school concerned. <g>
> > 
> 
> At least we would only be assaulting the insecure school IT server, 
> rather than the insecure children...

No, no, no... that is not how it works, believe me. Once you get the 
taste for it with the school server, you will be into disciplining the 
kids and once you start that... I know, I went to a pom boarding school. 
It was a disgrace. <g>

-- 
dorayme

Geoff Berrow wrote:
> Message-ID: <gqq5mt$29n$1@news.motzarella.org> from Jerry contained the
> following:
> 
>>>> Which is all that anyone has been saying, indeed in my own first reply 
>>>> all I did was say more or less what you have above - unfortunately the 
>>>> OP seems to have stamped his feet, thrown his toys about and then 
>>>> stomped out of the room when he didn't get the replies he liked...
>>> I think you have misspelled 'set upon by the rabid crowd'.
>> Not at all, he was told what he needed to know, no one has ever been 
>> killed by crystal clear 'directness' many people have (literally, 
>> never mind metaphorically) been killed by walking into a minefield 
>> were the warning hasn't been loud, clear and precise...
> 
> Can't disagree, but my point is that many posters seem to be trying to
> second guess what the OP wants to do.  I /did/ take the trouble to find
> out and the information he wishes to share is not particularly sensitive
> and does not require anything like the level of security being
> suggested.  
> 
> Instead of trying to find out exactly what the OP wanted to achieve, the
> OP has been hounded out, potentially causing more harm than good.
> 
> I hope you are happy.

Good help you if you think that security is just a matter if reading 
some civil service ('agency' in modern speak) blurb - considering how 
secure some HMG IT data management has been...

As  for the idiot who thinks he can set up such a system but had to 
ask how to obtain a file view of a server directory, 'nough said!...

Try reading *between* the lines, not just the words.
-- 
Wikipedia: the Internet equivalent of
Hyde Park and 'speakers corner'...
Sorry, mail to this address goes unread.
Please reply via group.

spam.goes.here2@ntlworld.com writes:

> On Mon, 30 Mar 2009 01:42:42 +0100, Ben Bacarisse
>  wrote:
>
>
>>I was going to stay out of this, but that seems to me either wrong or
>>irrelevant (I am not sure which).  If a parent losses access (a rare
>>event I suspect)
> It's the RARE events which cause the most problems - especially if
> they aren't even thought about in advance of sitting in front of a
> keyboard

I wondered if the parentheses were enough.  It seems not.  My argument
is not affected by the rarity of the event, hence the remark was
parenthetical.  The rarity just means it might be less work, day to day.

>> the other parent will be all over the head teacher
>>waving court orders and the like about.  I.e. the school will know.
> They may do, they may not do.  It's not good practice to build YOUR
> security around what someone ELSE might d or might not do.

That is why I addressed both halves.  If the schools knows it knows.
if it does not it can't do anything but act as of nothing has
happened.  This is, as far as I know, what they do now about all kinds
of things, data included.

>  This is,
> however, but one example: there is a myriad of other examples where
> such a rudimentary system with insufficient security procedures (not
> just secure IT systems) will fail. ESPECIALLY if the design
> specification includes finding and using "a simple, easy, secure and
> cheap database solution".

Yes.  I don't think I suggested that there were no other problems.

>>If this does not happen, then the school will simply continue to do
>>online what it will have to do in person -- permit access to the
>>data -- and it is hard to see how anyone can fault the school much
>>less the web programmer.
> Because the school IS responsible in law for ensuring that only
> someone entitled to access to data actually has it. And that's what
> this is all about: not the method by which an ENTITLED or permitted
> person receives the data, but the procedures used to ensure that only
> an entitled/permitted  person receives the data. 

I disagree and I suspect we must leave it at that.  If the school has
no information to work with, but is still responsible for acting as
if it had that information, then the all the school's systems are
equally broken.  If you think that is the case, I won't try to talk
you out of, but I don't think that is how things are.

> I couldn't fault a programmer for anything except sloppy code.   But
> it seemed the OP was merging the role of business analyst and
> programmer. I CAN fault a business analyst who refuses to acquaint
> himself with laws covering the domain in which he needs to become in
> expert. 

Indeed.  I was not suggesting anyone do that.

<snip>

-- 
Ben.