Menu
▾
▴
Re: [WWdevel] Webwork Security Features
|
From: Sam H. <sh...@ma...> - 2007-06-20 16:52:08
|
on 06/19/2007 10:00 PM jf...@pu... said the following: > My name is Justin Floro and I am a graduate student at Purdue University. The > mechanical engineering department at Purdue is considering using the Webwork > system in an engineering thermodynamics class. Some of the faculty have > questions regarding the security features of webwork. I have searched the > webwork website for information pertaining to the security features of > webwork, but I have not been able to locate much information about them. > Could you please provide me with documentation on security, or tell me where I > may go to find it? Hi Justin, The WeBWorK security model is pretty standard -- one logs in with a user name and password, and a session key is generated that is used to authenticate subsequent requests. The session key expires after a configurable period of inactivity. WeBWorK also has a permissions system -- each user has a numeric "permission level". Each WeBWorK action is assigned a minimum required permission level, and a user must meet that minimum to perform that action. All this is configured in the main configuration file -- global.conf. You can peruse the latest version of the file here: <http://cvs.webwork.rochester.edu/viewcvs.cgi/webwork2/conf/global.conf.dist?rev=HEAD&content-type=text/vnd.viewcvs-markup> Thanks for writing -- I'm glad Purdue is considering WeBWorK. Let me know if you have other questions, or need assistance in getting things working. -sam |
