Pinnacle, Online Grades, Skipping School and More 912
Ishkibble writes "The Matrin County School
Board has a new way of post a student's
grades online for a parent to check. Pinnacle is the name of the
program, a simple java applet. Not only does Pinnacle log student's grades, but
also attendance and conduct. The way grades are accessed are by inputting the
first 6 digits of your social security number and the first 5 letters of your
last name. With a logon system as simple as this, one has to question the
security and privacy of the students. This has been making my life a living
hell for the past 2 months, every night my parents go on and check to see if i have any homework and won't let me do anything till it's done"
already been done (Score:3, Informative)
Ahh, yes... Pinnacle Gradebook! (Score:5, Informative)
I a Customer who uses this *thing*. It has a Win32 "thick client" that back-ends into a Sybase SQL Anywhere database, and this Java client to allow external users to access the database. The dumb thing uses its own security database, so now when we add new teachers to the district-wide LDAP single-sign-on system, we also have to go manually add them to the "Pinnacle" database.
The company that installed it into my Customer site encouraged teachers to use *hard* to guess passwords like their first names. Further, anybody with an ODBC driver for Sybase SQL Anywhere can just "connect" to the back-end database and "go at it". Couple this with the *rancid* filesystem permissions that the installer put on it ("Oh-- why is is a problem that any user can write to the directory where the "thick client" EXE is installed... Ho, hum."), and you've got a recipe for disaster...
Oh, to be young again...
Re:So... (Score:2, Informative)
127.0.0.1 stupidschool@stupidschoodomain.com