Last post Feb 05, 2015 08:34 PM by mutantbc
Feb 04, 2015 05:55 AM|intechnia|LINK
I need to develop an online solution for primary school kids from many schools.
A school needs an administrative login in order to add and manage teachers.
The teachers then need to log in to add and manage the children in their class.
The children then need to log in to perform tests.
The trouble is balancing security with usability. The children will forget and lose their user names and passwords . The teacher needs online access to the children's credentials in order to remind the children of their log in details. Therefore at least
the children's log in credentials need to be stored using two way encryption, but this isn't as secure as one way hash.
I've thought about time restricting the children's log in capability by the teacher as a way of increasing security, since this is public facing.
But, I thought it was worth asking on this forum if anyone has any experience developing a more complex authentication system such as this and if they could share their experience and techniques.
Feb 04, 2015 06:03 AM|AidyF|LINK
If passwords can be accessed your site has low security, there is no way around that, it's up to you to decide if the trade-off is acceptable, I can't see any way of coding around it.
Feb 04, 2015 06:41 AM|intechnia|LINK
I think the trade-off will have to be made, perhaps splitting the administrative tasks into an entirely different site. I can provide specific role based connection strings from each site which are granted necessary access to a few database objects.
Feb 05, 2015 08:34 PM|mutantbc|LINK
Try to read on Identity. This should give you an idea on how you are going to balance security with usability.