MACCESS - Your new central hub for McMaster services!
11-20-2008 at 06:00 PM
|
#30
|
MacInsiders Founder/Admin
Posts: 7,121
Thanked:
1,202 Times
Liked:
1,730 Times
|
Goodluck to the winner of the second giftcard!
|
|
|
11-20-2008 at 07:40 PM
|
#31
|
Elite Member
Posts: 893
Thanked:
97 Times
Liked:
207 Times
|
Quote:
Originally Posted by Chad
Goodluck to the winner of the second giftcard!
|
Yeah, let those of us who can't get in know what you think of Maccess!
|
|
|
11-22-2008 at 12:34 PM
|
#32
|
Member
Posts: 28
Thanked:
8 Times
Liked:
2 Times
|
One of the concerns that I have is that with everything so centralized and easy to access, someone who logs into MACCESS just for WebCT would click on MUGSI just because it's there. Normally, this wouldn't be a problem, but for times when MUGSI is overcrowded and nearly impossible to get on (during grades release and course selection, for example), wouldn't this put an unneccessary strain on the system and make MUGSI reach its quota of students allowed on a time faster?
Also, I hope that MUGSI and WebCT are still kept separate and accessible through their own servers and URLs because I would hate to not be able to access a service just because one of them crashed or if MACCESS crashed.
|
|
|
11-22-2008 at 09:37 PM
|
#33
|
|
This is awesome!!! Fantastic work.
EDIT: The only thing that bugs me is the webct integration. Would it not be better to integrate the actual website rather than the weird webct like links.
Last edited by thatdudeukno : 11-22-2008 at 09:53 PM.
|
|
|
11-24-2008 at 11:27 AM
|
#34
|
Member
Posts: 12
Thanked:
0 Times
Liked:
0 Times
|
Quote:
Originally Posted by opensky
One of the concerns that I have is that with everything so centralized and easy to access, someone who logs into MACCESS just for WebCT would click on MUGSI just because it's there. Normally, this wouldn't be a problem, but for times when MUGSI is overcrowded and nearly impossible to get on (during grades release and course selection, for example), wouldn't this put an unneccessary strain on the system and make MUGSI reach its quota of students allowed on a time faster?
|
We wondered about this too. But, after we talked to a bunch of students we thought that at these prime times most students know what they are doing. And, by having a link to MUGSI with single sign-on in the tab, you don't take a MUGSI session just by clicking on the tab. We will monitor carefully.
Quote:
Originally Posted by opensky
Also, I hope that MUGSI and WebCT are still kept separate and accessible through their own servers and URLs because I would hate to not be able to access a service just because one of them crashed or if MACCESS crashed.
|
Yes they are separate! The portal provides glue to bring other applications together but they are all independent. If WebCT fails, that tab would give a message that the system is not available. Everything else will work. If the portal itself fails, all components would be accessible from other links - but without the single sign-on. We have a contingency web page that MACCESS will be re-directed to if the portal fails and that page will have all the links in one spot.
|
|
|
11-24-2008 at 11:32 AM
|
#35
|
Member
Posts: 12
Thanked:
0 Times
Liked:
0 Times
|
Quote:
Originally Posted by thatdudeukno
This is awesome!!! Fantastic work.
EDIT: The only thing that bugs me is the webct integration. Would it not be better to integrate the actual website rather than the weird webct like links.
|
We stuggled with this one and in the end we went this way for two reasons. If you were working on WebCT and then went to another tab and then back, you would be left at the WebCT start page instead of where you left off - which would be frustrating. Also, if you are in WebCT, the portal thinks you are not active (because you are not clicking portal tabs, etc). So, after 30 minutes your session would time out even if you are in the middle of something. The way it is setup now may be less elegant than the ideal, but we think it is better than the alternative.
|
|
|
11-24-2008 at 11:35 AM
|
#36
|
Member
Posts: 12
Thanked:
0 Times
Liked:
0 Times
|
Both gift cards have been won
Many thanks to all of you who tried out the portal. The second gift card was won within 8 minutes of me posting the offer! There will be more opportunities this week (they will be advertised in the residences but open to all).
|
|
|
11-24-2008 at 05:49 PM
|
#37
|
Elite Member
Posts: 893
Thanked:
97 Times
Liked:
207 Times
|
Large security flaw
Maccess is great in concept however, as I just found it, there is a large security flaw.
If you have a safe password (as in letters, numbers and special characters), chances are you can't log in. Also if your password is longer than 10 characters, you can't login. The only way you can login is if you change your password according to the following guidelines:
Quote:
- use uppercase and lower case letters
- use numbers
- 10 characters or less
|
This is somewhat in contrast with the password guidelines we receive when trying to change the MAC ID password, at least 2 of the following:
Quote:
- Uppercase letters
- Lowercase letters
- Numbers
- Symbols
|
For a website which gives access to all kinds of personal information, one would expect security to be at least on par with the services to which it provides access (i.e. MUGSI, MUSS, WebCT).
I will not be using the site until the security issues are fixed. The service it provides is great in concept, but having to downgrade your personal security is not worth it.
|
|
|
11-24-2008 at 09:03 PM
|
#38
|
Elite Member
Posts: 568
Thanked:
107 Times
Liked:
15 Times
|
No wonder I can't get in...my password doesn't fit the guidelines!
Well then, I agree with Danny -- I'm not changing my password just so I can get into MACCESS. For now, I will stick to bookmarks for all the Mac websites .
|
|
|
11-25-2008 at 09:55 AM
|
#39
|
Member
Posts: 12
Thanked:
0 Times
Liked:
0 Times
|
Password bug is NOT a security flaw
This is a clarification to the comments that DannyV posted about problems which he classifies as a "large security flaw" (and I think are only a bug). I'd like to thank DannyV for working with us behind the scenes to diagnose this bug. I think he may not have had all the information when he posted.
The criteria DannyV posted are NOT the limiting criteria for passwords. The maximum password length is greater than 35 characters (Why you would want more than that is beyond me). As per MUGSI standards, upper case letters, lower case letters and numbers are accepted. Unlike MUGSI, some (only a few) special characters are not recognized. I cannot reveal the special characters that are rejected without revealing characters in the passwords of people who have posted that they cannot log in.
So, there is a usability issue in that some students cannot log in until a fix is applied or unless they change their passwords. There is no security flaw. There is no need to weaken passwords. There is no greater risk to information stored in the system than there is in using MUGSI itself. Passwords can't be cracked any easier.
We have this on our top priority for fixes but you should feel comfortable continuing to use MACCESS.
|
|
|
11-25-2008 at 08:42 PM
|
#40
|
MacInsiders Founder/Admin
Posts: 7,121
Thanked:
1,202 Times
Liked:
1,730 Times
|
Hey Danny. You can still have a secure password with 35 characters of letters (upper/lowercase) and numbers. I wouldn't call it a 'security flaw', just a limit to which special characters can be used. I agree though that all special characters allowed in the services used within the portal should be allowed.
|
|
|
Article Tools |
Search this Article |
|
|
Posting Rules
|
You may not post new articles
You may not post comments
You may not post attachments
You may not edit your posts
HTML code is On
|
|
|
McMaster University News and Information, Student-run Community, with topics ranging from Student Life, Advice, News, Events, and General Help.
Notice: The views and opinions expressed in this page are strictly those of the student(s) who authored the content. The contents of this page have not been reviewed or approved by McMaster University or the MSU (McMaster Students Union). Being a student-run community, all articles and discussion posts on MacInsiders are unofficial and it is therefore always recommended that you visit the official McMaster website for the most accurate up-to-date information.
| |