> Creating a sql user with read-only access would ignore this and give you full access over the database. Using the SA or similar with read-write would be completely stupid and would get you fired.

I'm not and have never been talking about writing to a live database. I can understand why companies do not want people to do that and, having had to pick apart a database contaminated with ignorance, they have my sympathies. Technically, I am simply taking a copy of the database and putting it on a different platform. The target database is as well protected as the MS SQL database and the utility used can transfer at a socket level without ever dumping a text file somewhere inconvenient. Access to the data is then controlled through the 'application' that I provide. I access the copy via SQL because the application 'platform' I'm working with (LAMPS - but perl rather than PHP) makes it very cost effective to do so. There is no reason why this is necessarily any less secure than access via an API.

> If a school (head, SMT, governors, parents, staff) decide to use an open-source product to access their MIS system, which is fine, they have to assess the risk and the damage that it could cause if a security hole is exploited. If you purchase a product off the shelf, the company would have hired a 3rd party to regularly security check their software and would have insurance to cover any costs that might occur if the worst happens.

You have a very rosy view of software development within the private sector. I spent 30 years doing database development for private companies on products that were sold to customers and I can only say that putting your trust in them blindly is a bit of a mistake. At least with an in-house app, I know exactly what I am dealing with and the only people I need to trust are myself and others in the team.

> Clearly posting on a public forum that you're ignoring the approved methods of data access is silly. If you've actually done it, your leaving your school vulnerable and unsupported is professional gross misconduct. I hope for anyone's sake that ignores the approved methods that they have covered their backs (in writing) and, for the school's sake, they don't end up getting hacked.

I am entirely comfortable with what I am doing, how I am doing it and perhaps most importantly why I am doing it. I don't believe there is any danger of me being fired for doing it, but thank you for your concern. I'm a strong believer that we own our own data and have the rights to access it in whatever way suits us best. I'm not encouraging others to follow my 'lead', just trying to put information where others who might find it useful might find it.
ETA - Apologies to all for the diversion, I'll shut me gob now.
Last edited by pcstru; 23rd March 2012 at 12:14 PM.
My other concern is that you spend £££ of tax payers money developing a system, then you leave and the school just ditches it or replaces it with something else. I'm aware of this happening for real in a school. Lovely system too from what I gather.
@matt. I'm afraid that by default, I like to treat people as responsible adults who are quite capable of making informed decisions off their own backs and taking responsibility for their own actions. I need some evidence before I start to think, or treat them as idiots. So I won't be including any disclaimers for example when I supplied examples of SQL and stored procedures to ease access to assessment data in CMIS or when I supplied some example spreadsheets which could be configured to directly access MIS databases. I assume if people have the means to provide the credentials to access a database at that level, then they have that means for a reason.
Naturally, I'm delighted that you, like me, hate to see tax payers' money wasted. I do believe we (by which I mean the school I work at) are in the business of educating students; we are not a software development house. When we choose to do something a particular way, it should be because that maximises the benefits to the students. There is a balance to be had with staff skills. If you worry too much about what happens when people leave, then you will restrict what you can offer to the lowest common denominator that you can expect to recruit. If we always did that then our IT staff would be unhappy (because they would feel undervalued) and our students would be ill served (because we actually have some highly skilled staff that have a lot to offer). The risk needs to be identified and managed rather than ignored, but such risks can be managed.
I'm sure there are many examples of failed systems and systems that are replaced when people do leave. 'Systems' do tend to have limited lifetimes anyway so change is a natural part of the cycle. I'm not sure I can think of any particularly successful systems that started out in Schools. SIMS, CMIS, Parentpay ... most of the performance monitoring stuff I've been looking at seems to have been cooked up in a school or in very close association (often by the immediate family of a teacher), but I'm sure none of them are good examples that anyone actually uses. We must naturally leave this kind of thing to the boys and girls at the likes of Capita and Serco, they after all are gifted with a talent that can only thrive in the profit motivated private sector and as the consummate professionals they are, we never witness them withdrawing a spring release or issuing an upgrade which is so ill thought out that the only option is to restore a database from backup after applying it.
Anyway, just sayin'. Have a splendidly sunny weekend everyone.
PiqueABoo (24th March 2012)
I recommend that every iteration of what you implement is externally PEN tested by a recognised organisation - the fines on the school for exposing data to the wrong people are crippling. Make sure you deal properly with court orders; once a court order is issued the excluded parent must not be able to see any details of the child.
Nit-pick: pen is an abbreviation not a TLA.
Mixed feelings about that, on the one-hand discouraging amateurs lacking a "security mindset" from exposing the crown jewels to the world is probably a good thing, but it reads like "You can't afford to do this so don't even try".
matt40k (24th March 2012)
Sorry, the cost of PEN testing vs the fine alone makes it worthwhile. Not before you think about the damage of data getting into the wrong hands. If it's only internal then it's a different matter. If you're opening it up to the internet PEN testing is a must. Remember, if you're on a LA connection, they will regularly PEN test the connection and they may be able to give you reports for your sites. Just note this won't be application testing, so it won't be as detailed. But it's a start; before you go live you may want to look at getting it specifically tested - this is the bonus of using Moodle (like cybernerd said) or similar, as this would have been tested by others.
PS: You wouldn't be making many changes to the live site surely? Only the dev site would be changed regularly, other than (hopefully) content.
> Not before you think about damage of data getting into the wrong hands. If it's only internal then it's a different matter. If you're opening it up to the internet PEN testing is a must.

Right. Err ... you don't think INTERNAL threats are an issue - in a school? Good to know no students are going to be having a go, from the inside as it were.

> Remember, if you're on a LA connection, they will regularly PEN test the connection and they may be able to give you reports for your sites.

Will they indeed! I've never seen that in an LA contract and I would have expected to, given that doing so without the school's permission might lead to criminal prosecution under the Computer Misuse Act.

> Just note this won't be application testing, so it won't be as detailed. But it's a start, before you go live you may want to look at getting it specifically tested - this is the bonus of using Moodle (like cybernerd said) or similar, as this would have been tested by others.

I doubt that Moodle actually qualifies in the sense of professional quality-standard-driven PEN testing. I couldn't point anyone toward certification of testing, test scripts ticked off, QA sheets signed by professionally indemnified persons. With moodle, apache, MySQL, Linux, Ubuntu/Red Hat/Centos/Debian etc, Perl, PHP - I'm going to have my work cut out putting together a platform that complies to any reasonable quality standard without actually commissioning 3rd party testing for my environment - sudo forbid that if I actually did, I could then ever afford to apt-get update. It's interesting though that you think Moodle is secure given the lack of certification. Good job people like me don't contribute to the code writing mucky old SQL! No, luckily it's all done by consummate professionals ... err ... somewhere via... err, some ... err ... API ... thang ... or summat.

> PS: You wouldn't be making many changes to the live site surely? Only the dev site would be changed regularly, other then (hopefully) content.

No. Lord forbid anyone even so much as changes their password lest I have to get the whole network signed off by an external agency ... again. Perhaps ... oh, I dunno, Capita could offer a service of something. Save us from our data and deliver us our hosting, for thine is the securely-penetration-tested-cloud, the bandwidth and the latency, forever and ever, ahmme..., profits! Trebles all round!
Last edited by pcstru; 24th March 2012 at 11:13 PM.
@pcstru - For a smart person you are being extremely dumb. We are giving you free advice that will prevent you and your school getting into trouble. I hope someone who knows where you work informs your employer\LA and ensures you follow the correct procedures. Otherwise we look forward to reading about it in the newspaper and we'll be posting our comments of "I did warn him...". I'm amazed Phil Neal actually posted as he normally stays clear of such posts - he does refer to them later on however.
Internal use is limited to physically being onsite (unless you have some external access) and users are subject to the ICT policy, UK law etc. If a student or member of staff hacked into something, they would be subject to the school discipline procedure (and UK law etc if required) and could be easily dealt with (ie sacked, "slapped"); a person in China hacking in would be much, much more difficult to deal with and would take a lot longer too.
LA PEN tests everything it controls - part of GCSX, COCO, PCI-DSS and all those other policies they must follow and standards they must meet. If they've already got a package for external testing, my comment was to ask them if they could include your website in the list - ie extend what they do currently by testing your website (assuming it's hosted at the school\LA?)
Moodle and others are just frameworks; following a framework means that the underlying technology is dealt with by someone else, you just deal with the content and add-ons - allows you to be more agile too. It's a smart way to work and that's why nearly every major player does it. Apache\Perl\Linux blah blah blah is just a pointless comment, it's getting onto managing the server which isn't part of the discussion; if you do it all, you need to follow security alerts and ensure the server is patched regularly and you've hardened it correctly and a million other things. If you buy a hosting package, they should be doing it, otherwise you shouldn't be using them for sensitive data. Google\Microsoft offer such services, your LA will most likely offer web hosting too. It may or may not meet the requirements for what you want to do.
IMHO you're a failed software developer (possibly your old work went bust so perhaps a harsh comment) and you're trying to make your current job into something you want rather than what it is, what it needs to be. I find it extremely disrespectful that you find Capita's numerous interfaces useless; the Capita team have more knowledge, experience and understanding than you could ever hope to have, which is why I don't get why you blatantly ignore it. Even if your LA refuses to assist, which to be fair, they might not be able to support so it's a reasonable thing - actually they won't 99.9% of the time. But if you were determined to do this and your school was backing you, you contact Capita - a quick look on Capita's website gave me the name and contact details of the person in the partners team at Capita. I've dealt with him before, so has Penfold; ok he might not be willing to give out everything to anyone who asks, but they will help. You'll have to start off slow and build up to the large bits, but surely that's how all programmers work?
I know no-one likes following all the polices and procedures - I personally really hate it. But we all must do it, so we do. It took me over a year to get our SOLUS3 server setup, it took me longer to do the first design document then it did to build and configure it! If policy wasn't needed, it wouldn't exist and although it may seem silly to you or others, it is important and must, MUST be obeyed.
Sad facts. Most open-source software (on here anyway) is one developer. The project dies when the developer moves on, gets bored or gives up. If you've (anyone reading this) had a "unique" idea*, you're most likely not the first one to come up with it; there are 22,000+ schools using SIMS, all doing the same thing - running a school. There are, Capita claim, over 200 partners - someone has most likely already built that "unique" idea. My first draft of this post, most of it got lost.
* By unique I mean anything other than what Capita should be doing (ie not a bug fix).
I REALLY don't want to read in the paper about a pedo who hacked (or paid someone to) into a school's parent gateway because some lazy (expletive) couldn't be bothered to follow a few simple rules and build it the right way. Don't cut corners, it will cost later. If you honestly don't think it'll ever happen, I hope you're right. But personally, I would NEVER risk it.
PS: Plus if anything bad did happen, it would mean we would all hear about it again and again from Capita as they try to sell us some more rubbish add-on.
Last edited by matt40k; 25th March 2012 at 02:09 AM.
@matt. You are probably right. I do recognise that I have vast oceans of ignorance at my disposal and since despite your best efforts to help, I remain confused, I must be being extremely dumb.
I'm perhaps most confused about the API and mandated use of it. If I use the API, I will use it to extract data which I will then import into the other database (a fairly common approach as I understand it, or at least that seems to be what a number of different suppliers' systems do - Parentpay, nationwide, truancy call, moodle, ParentMail, etc etc). So I might pay the supplier for the API, learn to use it which will probably take a week or so (maybe a lot longer for a failed software developer <sob!>), craft some specific procedures together so that I can make the API calls in the way that the API demands which will probably take another week. After all that I might have the data sitting in the other database, a task that took me 5 minutes and cost £40 with the tool that I initially 'recommended'. As far as I can see, I'm no better or worse off in terms of security, since the API was only used to transfer data, in bulk, out of the MIS. It's doing nothing for me at the application side - how could it? But I have just spent a few weeks of taxpayers' money to get somewhere my ignorance could have taken me in five. Ignoring all the other fluff - can you please explain a bit more what I am doing wrong there - where exactly is the flaw in my plan?

> I find it extremely disrespectful that you find Capita numerous interface useless, the Capita team have more knowledge, experience and understanding then you could ever hope to have, which is why I don't get why you blatantly ignore it.

I had to read back over my posts because I don't remember being disrespectful towards the SIMS API. I don't see it reading them again, so perhaps you could point it out? I actually blatantly ignore Capita's API because we do not use SIMS, as I said in an earlier post (which you obviously took great care to read).

> I hope someone who knows where you work informs your employer\LA and ensure you follow the correct procedures.

And people wonder why some folks value their anonymity.
David_Grashoff with specifics of what data you want to access, and he'll be able to advise.
Command Reporter will work well for most things though; if you read on some of the other specific threads there are some complications and limitations, especially when automating it. Certain reports that work directly in SIMS won't necessarily work automated.
Personally, I don't see anything wrong with porting a backup of your data to a test server that is internal only and locked down, then extracting what you want with your own queries. It's a pain making sense of the structure and you have to change what you've done if they rearrange the data in the system during upgrades.
TBH you only want really basic info out anyway and that can all be dumped on a report. Accessing linked documents might be harder and how you make them available, but the concerns with wrong parent etc. are equal in any system. So long as your public site is locked down to a high standard. Go for separate parent logins though as recommended.
BTW @matt40k - @pcstru is a CMIS guy, so chill - we don't care if he mucks up 'their' system.
@matt40k and @pcstru
The reference to LAs performing penetration tests is a little misleading and will vary from LA to LA. If your school connects into the NEN (and hence to JANET) there is a duty on the RBC / LA to ensure that the network is not left vulnerable, and so they are likely to actively monitor traffic and what is open on the various ports. This can include doing remote system checks to see if there are common vulnerabilities open. This does not require anything specific to be tried to see if it can be 'broken into'; the aggressive testing on specified IPs is something different and most will only do it on request.
It is also worth saying that you are on *their* network. Depending on what type of school you are, you are technically part of the same organisation, so before anyone starts throwing round things like the Computer Misuse Act it is worth finding out what is checked, who has authority to do so and why. If you are on a network that crosses over onto a GSi family connection (GCSx, N3/N4, etc) then I would struggle to think of any school that could operate fully with the agreed CoCo ... and connection into it is likely to be limited, heavily controlled and with a lot of caveats. Having spoken with a number of LAs involved in ContactPoint (before it was binned) and eCAF ... those who were allowing schools to connect in their GCSx lines only did so via a Citrix / virtualised front-end ... we certainly didn't go down that route and kept schools and LA very, very separate ... which kept the LA IT folk happy and meant that unworkable restrictions were not put on schools ... but a lot of advice to schools was given and the attitudes of many towards security were very scary.
PiqueABoo (25th March 2012)
1) Not pointing any fingers in any particular direction, but I've tripped over exploitable serious security vulnerabilities in some stuff from some large vendors. Far as I'm concerned none of 'em deserve your trust simply because you've heard of them, it's a long-standing product with some discernible market share, they say it's wonderfully secure, you haven't heard about it being hacked or whatever. For the most part proprietary school systems/software has had an easy ride re. security because folk who hack things well generally have more interesting targets.
2) I'm not aware of a school being fined by ICO for anything relevant yet, as opposed to undertaking to pull their socks up. We had the publicised school with password reuse issue last year where hacked credentials retrieved from one system got them into an independent (MIS) system - you really ought to think very hard about the implications of user password reuse, also of AD integration.
3) The main risk reading data out of anyone's undocumented DB is of course interpreting it wrongly e.g. you may have to decode the meaning of obscure content in several fields to accurately decide whether some Widgit record is active, whether it should be collected or ignored. The main benefit of APIs then is that they ought to do that work for you. However the DBs I've pillaged don't have APIs I can get, so I've just painstakingly reversed stuff like that and OMG(!) one vendor update even changed the contents of a rather critical field once, but ::shrug::
Last edited by PiqueABoo; 25th March 2012 at 06:11 PM.
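Two posts above make the same practical point from different angles: querying a ported copy with your own SQL means the structure can change under you at an upgrade, and deciding whether a record is "active" means decoding several obscure fields, which a vendor update can silently change. The code below is an added example, not code from this thread or from any MIS vendor; the column names (pupil_id, status_cd, leave_dt, flags), the status codes and the rows are all hypothetical and constructed for illustration. It shows the two habits that limit the damage: state the value domains your decode rules were reverse-engineered against, and check the incoming data against them before trusting any output, so a changed field aborts the import rather than quietly misclassifying pupils.

```python
"""Added example: decode an undocumented MIS table into an 'is active' flag,
and refuse to trust the result when a field holds a value the rules never saw.

Column names, status codes and flag characters are hypothetical; SAMPLE_ROWS
is constructed for this example and does not come from any real MIS product.
"""
from datetime import date


class SchemaDriftError(ValueError):
    """A field holds a value the decode rules were never written for."""


# Domains worked out by inspecting the copied database. They are written down
# explicitly because every rule below silently depends on them.
KNOWN_STATUS_CODES = {"A", "L", "W"}   # active / left / withdrawn (assumed meanings)
KNOWN_FLAG_CHARS = {" ", "X"}          # ' ' nothing set, 'X' record suppressed (assumed)

# Constructed sample rows (not real data).
SAMPLE_ROWS = [
    {"pupil_id": 1, "status_cd": "A", "leave_dt": None,         "flags": "  "},
    {"pupil_id": 2, "status_cd": "L", "leave_dt": "2011-07-20", "flags": "  "},
    {"pupil_id": 3, "status_cd": "A", "leave_dt": "2012-02-01", "flags": "  "},  # code never updated, leave date set
    {"pupil_id": 4, "status_cd": "A", "leave_dt": None,         "flags": "X "},  # suppressed via a separate column
    {"pupil_id": 5, "status_cd": "Q", "leave_dt": None,         "flags": "  "},  # code that appeared after an upgrade
]


def unexpected_values(rows):
    """Pre-import check: distinct values that fall outside the known domains.

    Any non-empty list means an upgrade, or a data-entry path you did not know
    about, has changed what the field can hold. Investigate before believing
    anything is_active() returns for this extract.
    """
    seen_codes = {r["status_cd"] for r in rows}
    seen_flags = {ch for r in rows for ch in r["flags"]}
    return {
        "status_cd": sorted(seen_codes - KNOWN_STATUS_CODES),
        "flags": sorted(seen_flags - KNOWN_FLAG_CHARS),
    }


def is_active(row, as_of):
    """Combine three fields into one answer: is this pupil on roll on as_of?

    No single field is authoritative: the status code lags reality, the leave
    date is only populated on departure, and suppression lives in another
    column. as_of may be a date or an ISO-8601 string.
    """
    if isinstance(as_of, str):
        as_of = date.fromisoformat(as_of)
    code = row["status_cd"]
    if code not in KNOWN_STATUS_CODES:
        raise SchemaDriftError(f"pupil {row['pupil_id']}: unknown status_cd {code!r}")
    bad_flags = set(row["flags"]) - KNOWN_FLAG_CHARS
    if bad_flags:
        raise SchemaDriftError(f"pupil {row['pupil_id']}: unknown flag chars {sorted(bad_flags)}")
    if "X" in row["flags"]:
        return False
    if code != "A":
        return False
    leave = row["leave_dt"]
    if leave is not None and date.fromisoformat(leave) <= as_of:
        return False
    return True


def extract_active_ids(rows, as_of, strict=True):
    """Decode a whole table into (active_ids, rejected_ids).

    strict=True aborts the import on the first unexplained value instead of
    silently misclassifying it; strict=False skips such rows and returns their
    ids separately so a person can look at them.
    """
    active, rejected = [], []
    for row in rows:
        try:
            if is_active(row, as_of):
                active.append(row["pupil_id"])
        except SchemaDriftError:
            if strict:
                raise
            rejected.append(row["pupil_id"])
    return active, rejected


if __name__ == "__main__":
    print("unexpected values:", unexpected_values(SAMPLE_ROWS))
    print("lenient import:", extract_active_ids(SAMPLE_ROWS, "2012-03-25", strict=False))
    try:
        extract_active_ids(SAMPLE_ROWS, "2012-03-25")
    except SchemaDriftError as err:
        print("strict import aborted:", err)
```

Run unexpected_values() against every fresh copy of the database before the decode, and keep the strict mode on for anything that feeds a parent-facing system: a pupil wrongly shown as on roll, or a record wrongly exposed, is exactly the "wrong parent" failure the thread worries about, and the cheapest place to catch it is at import time rather than in the web application.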