Goodluck to the winner of the second giftcard!

Quote:

Originally Posted by Chad

Goodluck to the winner of the second giftcard!

Yeah, let those of us who can't get in know what you think of Maccess!

One of the concerns that I have is that with everything so centralized and easy to access, someone who logs into MACCESS just for WebCT would click on MUGSI just because it's there. Normally, this wouldn't be a problem, but for times when MUGSI is overcrowded and nearly impossible to get on (during grades release and course selection, for example), wouldn't this put an unneccessary strain on the system and make MUGSI reach its quota of students allowed on a time faster?

Also, I hope that MUGSI and WebCT are still kept separate and accessible through their own servers and URLs because I would hate to not be able to access a service just because one of them crashed or if MACCESS crashed.

This is awesome!!! Fantastic work.
EDIT: The only thing that bugs me is the webct integration. Would it not be better to integrate the actual website rather than the weird webct like links.

Quote:

Originally Posted by opensky

One of the concerns that I have is that with everything so centralized and easy to access, someone who logs into MACCESS just for WebCT would click on MUGSI just because it's there. Normally, this wouldn't be a problem, but for times when MUGSI is overcrowded and nearly impossible to get on (during grades release and course selection, for example), wouldn't this put an unneccessary strain on the system and make MUGSI reach its quota of students allowed on a time faster?

We wondered about this too. But, after we talked to a bunch of students we thought that at these prime times most students know what they are doing. And, by having a link to MUGSI with single sign-on in the tab, you don't take a MUGSI session just by clicking on the tab. We will monitor carefully.

Quote:

Originally Posted by opensky

Also, I hope that MUGSI and WebCT are still kept separate and accessible through their own servers and URLs because I would hate to not be able to access a service just because one of them crashed or if MACCESS crashed.

Yes they are separate! The portal provides glue to bring other applications together but they are all independent. If WebCT fails, that tab would give a message that the system is not available. Everything else will work. If the portal itself fails, all components would be accessible from other links - but without the single sign-on. We have a contingency web page that MACCESS will be re-directed to if the portal fails and that page will have all the links in one spot.

Quote:

Originally Posted by thatdudeukno

This is awesome!!! Fantastic work.
EDIT: The only thing that bugs me is the webct integration. Would it not be better to integrate the actual website rather than the weird webct like links.

We stuggled with this one and in the end we went this way for two reasons. If you were working on WebCT and then went to another tab and then back, you would be left at the WebCT start page instead of where you left off - which would be frustrating. Also, if you are in WebCT, the portal thinks you are not active (because you are not clicking portal tabs, etc). So, after 30 minutes your session would time out even if you are in the middle of something. The way it is setup now may be less elegant than the ideal, but we think it is better than the alternative.

Many thanks to all of you who tried out the portal. The second gift card was won within 8 minutes of me posting the offer! There will be more opportunities this week (they will be advertised in the residences but open to all).

Maccess is great in concept however, as I just found it, there is a large security flaw.

If you have a safe password (as in letters, numbers and special characters), chances are you can't log in. Also if your password is longer than 10 characters, you can't login. The only way you can login is if you change your password according to the following guidelines:

Quote:

• use uppercase and lower case letters
• use numbers
• 10 characters or less

This is somewhat in contrast with the password guidelines we receive when trying to change the MAC ID password, at least 2 of the following:

Quote:

• Uppercase letters
• Lowercase letters
• Numbers
• Symbols

For a website which gives access to all kinds of personal information, one would expect security to be at least on par with the services to which it provides access (i.e. MUGSI, MUSS, WebCT).

I will not be using the site until the security issues are fixed. The service it provides is great in concept, but having to downgrade your personal security is not worth it.

No wonder I can't get in...my password doesn't fit the guidelines!

Well then, I agree with Danny -- I'm not changing my password just so I can get into MACCESS. For now, I will stick to bookmarks for all the Mac websites .

This is a clarification to the comments that DannyV posted about problems which he classifies as a "large security flaw" (and I think are only a bug). I'd like to thank DannyV for working with us behind the scenes to diagnose this bug. I think he may not have had all the information when he posted.

The criteria DannyV posted are NOT the limiting criteria for passwords. The maximum password length is greater than 35 characters (Why you would want more than that is beyond me). As per MUGSI standards, upper case letters, lower case letters and numbers are accepted. Unlike MUGSI, some (only a few) special characters are not recognized. I cannot reveal the special characters that are rejected without revealing characters in the passwords of people who have posted that they cannot log in.

So, there is a usability issue in that some students cannot log in until a fix is applied or unless they change their passwords. There is no security flaw. There is no need to weaken passwords. There is no greater risk to information stored in the system than there is in using MUGSI itself. Passwords can't be cracked any easier.

We have this on our top priority for fixes but you should feel comfortable continuing to use MACCESS.

Hey Danny. You can still have a secure password with 35 characters of letters (upper/lowercase) and numbers. I wouldn't call it a 'security flaw', just a limit to which special characters can be used. I agree though that all special characters allowed in the services used within the portal should be allowed.