@ apearce: yes they've been on about this for a while, common sense really this is why i've been upset when Capita ask us to put our Db on a CD and post it. I don't think edugeek will come under that guidance as we don't put pupil or personal information on the forums.
It's not that Edugeek's forums are slower than other forums it's just that the whole idea of web sites like this is horribly slow when you're used to dealing with mailing lists or newsgroups.Originally Posted by ZeroHour
I *hate* all the extra stuff that has to be loaded on to a page just so I can read a few lines of text.
I appreciate that the advertising helps to pay for the site but I just want to get to the content as quickly as possible and could live without all the smiley choices, avatars and the rest of it.
I'd guess I'm just too old :-)
Yeh its hard to walk the fine line of functionality over speed
As well as guidance for schools there will also be guidance for companies who have a data partnership with schools. If nothing else, companies like Capita will have free access to the guidance for schools ... and be told "If you operate in such a way that you force schools to be in breach of this guidance then you too are culpable when things go wrong ... change your practices!"
The key thing in this is not so much which sites you access, but what data is shared across the connection. All data held has an impact level and it is level 3 and above that you need to keep an eye on. The guidance should provide clear indication of what levels the different data is at. Level 3 has to have one level of encryption before transfer via public means ... level 4 has to have 2 (eg the files are encrypted and so is the method of transport) ...
EG will have little to worry about on this side of things, but registration (which contains personal information about you) and subsequently access to changing your details on your control panel should be encrypted for your protection and ours. Discussion about specific incidents which may include some information about others (especially students) may be regarded as sensitive ...
To be honest, we may just have to wait and see. I hope to meet with them again on Wednesday and the info I have had so far is enlightening. The aims is that this is not just a letter mandating that you will follow a set of rules, but examples about how you can get there aimed at both the use of technology and policies / procedures.
Perhaps make a premium subscription that has no ads?
Or a sub.domain that is designed for mobile users etc. Then maybe a script that would redirect you the correct one.
- www.edugeek.com
- broadband.edugeek.com (full bloat)
- mobile.edugeek.com (iphones and such)
- narrowband.edugeek.com (left images)
- text.edugeek.com (text only)
Speed and functionality - two variables that are very subjective.
Personally, when on a laptop, I hate having to scroll down the page in order to read the actual post. But I really don't mind that very much if the information I am seeking is forthcoming, which it generally is.
As for HTTP/HTTPS - if it gives some people a sense of security that can't be a bad thing surely?
User choice I'd go for, but yes encrypted logon / registration is good.
I prefer to see https when inputting login details, as for rest of site not to concerned.
I also voted https just for login, but then again for a forum it isn't overly important. I don't see the point making the whole site secure. It will use up a lot more server resources and will gain nothing. Thinking about it, I don't know any website which uses SSL for everything.
vBulletin do a good job in regularly publishing updates to keep websites (such as Edugeek) secure; and the point where an intruder could obtain any useful information is at logon only. A better alternative would be privatising areas of the forum just to registered members only (if you wanted to go down that route).
HTTPS for registration/login. Probably private messaging too if possible.
personally i dont think there is a need for just a forum, but if you did think of doing other things like an edugeek shop to buy edugeek stuff then yh obv you would use https.
its not an essential but i would use it if it was there.
James.
Don't mind
-ken
~*Walks off with his password*~Don't mind
-ken
As I understand it, on modern hardware the extra load of processing SSL is minimal. I've never had any speed issues, and anything that stops the sniffing of usernames and passwords has got to be a good thing. By allowing complete https access to the site you'd give users confidence that their password cannot 'escape'.
As Tony says, for those aspects of the site where information is sensitive (control panel, login etc...) HTTPS should be considered.
But then again, I thought openfire was running on port 443?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote