On Tue, 11 Jan 2005 09:49:59 -0500 Dan Jenkins <[EMAIL PROTECTED]> wrote:
> > Biggest problem: Their testing service requires Internet Explorer. In > fact, it requires ActiveX. It also requires changes to disable any > prompting for ActiveX components. It requires changes at the web proxy > > filter to allow its compiled HTML pages (.HTA) to pass through. And, > no, they (the testing service) has no plans to make any changes in > their application. They do not acknowledge any of these are security > issues. And testing is mandated for all students (except kindergarten > and preschool). Even viewing the test results requires these changes. Has anyone contacted the state DOE and explained the security issues involved here and why this is a very bad thing so that perhaps they might pressure the testing contractor to use a more secure system. I am not a technical person, but based on my limited knowledge I believe you are saying the contractor supplying the state mandated testing is requiring every school in the state to make at least part of their network and likely the part containing the most sensitive data about students and staff vulnerable to known security flaws. It would be one thing for a corp to do so with an internal network in order to use certain applications, but to require it of systems open to the Internet seems incredibly bad. Do I have this right? Ed Lawson _______________________________________________ gnhlug-discuss mailing list [email protected] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
