HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Topics » Computers & Internet » Computer Help and Support (Group) » Do any of you know anythi...

Sat Aug 1, 2020, 10:43 AM

Do any of you know anything about where I might learn about security...

.... issues when developing web-based software?

You folks taught me what an adapter was, how to purchase wireless phones and several other things. This has become my go-to forum for almost anything requiring smart people.

Fifteen years ago I wrote a program in MS Access for my son to use in the public school system to track behavior issues. He's a special ed teacher. He's now looking for a developer to migrate it to a web-based app that people can access on smart phones. We've found a great web site for submitting our RFP, but we're unable to specify the security requirements for this new web/public-school world. Might any of you be able to point me to resources where I could get myself sufficiently educated to specify our requirements? I don't even know (but I do fear) that requirements vary from school district to school district (Arrrrggghhhhh!!!)

tia
las

8 replies, 613 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 8 replies Author Time Post
Reply Do any of you know anything about where I might learn about security... (Original post)
LAS14 Aug 2020 OP
Phoenix61 Aug 2020 #1
LAS14 Aug 2020 #2
Phoenix61 Aug 2020 #3
LAS14 Aug 2020 #5
steve2470 Aug 2020 #4
LAS14 Aug 2020 #6
hunter Aug 2 #7
ManiacJoe Aug 8 #8

Response to LAS14 (Original post)

Sat Aug 1, 2020, 10:52 AM

1. Anything that meets the standards for medical

data should be acceptable. The other option is to look at what the two different platforms require, Apple and Google. But as noted the biggest issue is going to be the school system. Student data is closely guarded and Iím not sure how you would be able to access it.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Phoenix61 (Reply #1)

Sat Aug 1, 2020, 11:04 AM

2. Thanks. Can I ask a couple more questions?

When you say "what the two different platforms require," are you talking about requirements for their own development? Or requirements for apps other people develop? In either case, where would I go to find those requirements? Likewise, where would I go to find standards for medical data?

I need to learn the vocabulary for this stuff in the modern age.

tia
las

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LAS14 (Reply #2)

Sat Aug 1, 2020, 11:20 AM

3. Requirements for app developers.

Platform is the operating system for the smart phone. Currently, the options are I-phones running the Apple operating system or android running a google operating system. If you want Apple to offer your app, it has to be in their App Store where I-phone users get all their apps. If you have a droid it uses Google. They each have their own requirements. But the biggest issue is going to be student data. If this is an app for the teacher to use even if they use random numbers for each student the teachers info would be there and it would be hackable which could possibly leave their studentsí info vulnerable.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Phoenix61 (Reply #3)

Sat Aug 1, 2020, 11:41 AM

5. Thanks. That's helpful. nt

Reply to this post

Back to top Alert abuse Link here Permalink



Response to steve2470 (Reply #4)

Sat Aug 1, 2020, 11:43 AM

6. Thanks, but unless I missed something, this is way beyond my level. I'm...

... just looking for a way to articulate security requirements in an RFP for an app for public school use.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LAS14 (Original post)

Sun Aug 2, 2020, 11:52 AM

7. I wouldn't touch that for any amount of money.

Leave software to the big players with hard core security experts and bad-ass legal departments. Leave it to school administrators to do any sort of "tracking" above and beyond that required of all teachers.

Seriously, teachers are not paid enough to deal with that crap.

This is not an advertisement, but the schools around here are using Chromebooks and Google.

https://edu.google.com/



Reply to this post

Back to top Alert abuse Link here Permalink


Response to LAS14 (Original post)

Sat Aug 8, 2020, 08:32 PM

8. From the technical side,

An important requirement is to make sure that the database servers are not accessible from the internet.
Users' computers/phones talk to the front-end internet servers.
The front-end servers talk to the database servers.
Users cannot directly talk to the database servers.

Another consideration: Do you want this system to be facing the internet or do you want the users to only be connected locally in the wifi system?

Meeting the federal HIPAA requirements will go a long way in describing your security needs.

Are you looking to have a central data source with all school systems talking to the one data center, or are you looking for each school system to have its own installation?

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread