Questions and Answers / FAQ: Security/Privacy

Q: How is access to the site controlled?
A: All sections of the Site except the Welcome page, the Contact
page and these FAQ pages are viewable only by registered Alumni. You
identify yourself via the Userid you obtained during Registration
and the Password you picked at that time. You can optionally
use your e-mail address as your userID, as long as it is unique (if, for example, you and your spouse - who is also an alumna - share an e-mail address, you will not be able to use that address as an ID).
Q: What will you be publishing on the site in the future?
A: The plans include a general-purpose bulletin board where Alumni
can ask questions, and an Archive section where old photos and other
documents will be made available for browsing.
Q: What information is in the directory?
A: A member's directory entry contains as many or as few items
of information as the individual wants. At a minimum, you must provide your
first name, last name, a primary e-mail address, either a primary
telephone number or an alternate e-mail address, the city, province and country
where you live and your starting and ending dates at CP.
There are many other items of information which you can optionally
provide.
Q: What is shared among other alumni?
A: The profile items that most affect your privacy (e-mail addresses, phone
numbers, home street address and postal code) are private by default. Some
of them must be known to the organizers of the site for contact purposes. You may make
them public to other alumni by explicitly saying so when you edit your
profile. Most other items, which are of interest to the alumni community at large, are
public by default, i.e. if you specify these items, they will be public to your
fellow alumni.
Q: What is visible to the general public?
A: Nothing. You have to be an approved, registered
alumnus or alumna to view the directory. Each person has a
personal userid and password to enter the private portion of the site.
The public portion of the site consists of the Welcome Page, this FAQ and
the Contact list.
Q: How is my password kept secure?
A: Your password is kept in a server-resident database in
one-way encrypted format. Nobody, not even the webmaster, knows your password, and it is mathematically impossible (or hugely unlikely) to
reconstruct the clear-text password from the encrypted version. If
you lose it, human intervention will be required to provide you with a new
temporary password, which you will then have to change the first time you
log in to the site.
Q: What if I don't remember my password?
A: You are given a maximum of 3 bad password tries, after
which your account will be locked out and you will require manual
intervention (and a bribe, a food offering or equivalent) to regain
access. During registration you can provide a password hint
which you can request during log-in if you don't remember your
password. This hint should mean something to you only. If your
hint doesn't help you, you will have to contact info@cpisalumni.org
for help.
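
The password handling described in the two answers above (one-way storage, lock-out after 3 bad tries, manual reset to a temporary password that must be changed) can be sketched as follows. This is an added example, not the site's own code: the `Account` class and its method names are hypothetical, and salted PBKDF2-SHA256 is an assumed choice, since the FAQ only says "one-way".

```python
import hashlib
import hmac
import secrets

MAX_BAD_TRIES = 3  # from the FAQ: three bad tries lock the account


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed algorithm: salted PBKDF2-SHA256 (the FAQ names none).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Account:  # hypothetical model of one directory member
    def __init__(self, password: str):
        self.bad_tries = 0
        self.locked = False
        self.must_change = False
        self._store(password)

    def _store(self, password: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.digest = _hash(password, self.salt)  # clear text is never kept

    def login(self, password: str) -> str:
        if self.locked:
            return "locked"  # even the right password is refused now
        if not hmac.compare_digest(_hash(password, self.salt), self.digest):
            self.bad_tries += 1
            if self.bad_tries >= MAX_BAD_TRIES:
                self.locked = True
                return "locked"
            return "bad-password"
        self.bad_tries = 0
        return "change-password" if self.must_change else "ok"

    def admin_reset(self) -> str:
        """Manual intervention: unlock and issue a temporary password."""
        temp = secrets.token_urlsafe(9)
        self._store(temp)
        self.bad_tries, self.locked, self.must_change = 0, False, True
        return temp

    def change_password(self, new_password: str) -> None:
        self._store(new_password)
        self.must_change = False
```

Because only the salt and digest are stored, a reset can only replace the password, never reveal the old one.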
Q: Is any private information kept on my PC (Cookies)?
A: Emphatically no! Once you have successfully logged in,
you are said to have opened a "session". A session token
(a 32-character cryptographically-random number) is stored as a temporary
browser session cookie on your computer. This token is used
to access session-control parameters stored in a secure location on the
web server; possession of the token alone cannot be used to hijack a
session. Please note that we use a special cookie type called a session
cookie, which will not persist between browser sessions: you shut off
your browser, bye-bye goes the cookie. If you have a fear of cookies,
please read: http://www.internet-tips.net/Security/cookies.htm
and http://www.internet-tips.net/Security/cookies_fear.htm
A Log-out command is provided
to destroy all traces of the old session and delete the cookie. It also
prevents any history entries on your browser from re-establishing a
session (via re-sending POST data) without someone having to enter an id
and a password again. Finally, the Log-out command forces a
re-login if an attempt is made to view any pages accessible through the
browser's back button. Use that command!
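
The session mechanics described in this answer, as an added example that is not the site's own code: the cookie name `sid`, the in-memory `SESSIONS` store and the function names are assumptions made for illustration.

```python
import secrets

SESSIONS = {}  # server-side store: token -> session-control parameters


def open_session(userid: str) -> str:
    """Called after a successful log-in; returns the cookie value."""
    token = secrets.token_hex(16)  # 16 random bytes -> 32 hex characters
    SESSIONS[token] = {"userid": userid}  # private data stays on the server
    return token


def session_cookie_header(token: str) -> str:
    # No Expires/Max-Age attribute makes this a session cookie: the browser
    # drops it when it is closed. No Secure attribute, because the FAQ
    # states the site does not use SSL.
    return f"Set-Cookie: sid={token}; Path=/; HttpOnly"


def current_user(token):
    """Resolve a presented cookie; None means 'send to the log-in page'."""
    session = SESSIONS.get(token)
    return session["userid"] if session else None


def log_out(token: str) -> str:
    """Destroy the server-side record and tell the browser to delete the cookie."""
    SESSIONS.pop(token, None)
    return "Set-Cookie: sid=; Path=/; Max-Age=0"
```

After `log_out`, a request replayed from browser history still carries the old token, but `current_user` returns `None`, so the visitor is sent back to the log-in page.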
Q: How do I know when I am logged out after hitting the Log-out button?
A: When you are logged in, your name will appear in the top header
bar; when you are logged out, the header bar will not show a name.
[Images: header bar when logged in; header bar when logged out]
As well, the Log-out option on the section bar will be replaced by
the Log-in option.
Q: Is my data encrypted along the wires?
A: No. We are not using SSL or similar technology (i.e. you
will not see a closed padlock on your browser during CPISALUMNI
sessions). It was a cost vs. privacy requirement
decision. This site will contain no high-security or high-privacy information.
Q: Is this site hosted on a Microsoft Windows platform and/or Microsoft IIS Web Server?
A: No. CPISALUMNI.ORG is hosted on a Unix platform running
under Apache as a Web Server.
Q: You use PHP as a DHTML scripting engine. I read bad press about this lately.
A: You may be referring to the PHP File Upload vulnerability.
We are aware of that vulnerability. The combination of the server
Operating System and the version of PHP we are running is not among the
combinations which are open to this vulnerability.
Q: What about the use of the CPISALUMNI Directory for SPAM?
A: The directory is not accessible to the general public.
There is always the possibility of a rogue fellow-alumnus going through
the directory and collecting e-mail addresses for SPAM purposes.
Each person getting a CPISALUMNI ID and password will have to agree to
abide by a set of rules. One of these rules concerns the use of fellow
alumni's e-mail addresses for commercial or other undesirable purposes.
If you are paranoid about this possibility, then do not make your e-mail
address visible to your fellow alumni.