My school uses IPSCA SSL Certificates because they are free for higher ed institutions. They have worked fairly well over the past several years. However, a brief check made us realize that their root certificate will expire on December 29th invalidating all of our campus's certificates.
At the time of the discovery, they did not have a new certificate installed on any browsers. In fact at the time of this posting, only Internet Explorer has their new root certificate. What this means, is that viewers of your website after December 29th will receive an invalid certificate warning, unless they have the most recent December Microsoft updates, and are running on Internet Explorer. Anyone who visits a secure site that uses IPSCA certificates after December 29th on another browser, will get an invalid security certificate error message.
As a result, we have moved to GoDaddy. They offer fairly decent prices, and as an added bonus allow us to track certificates automatically.
IPSCA did not even send out a notification to its users until December 22nd!! (7 days before all of their certs expire).
So if you, or your organization uses IPSCA certificates, at this time, I highly recommend that you move to a different organization. Otherwise, come that day... you're going to have a lot of interrupted services on your machines, because even though the SSL may be valid, the root that it points to will be invalid.
If you wish to stick with IPSCA, you can now renew with a new certificate, and if you pay they are offering you 2 to 3 months (depending on which email you get from them) of extended service on your certificate. But you will need to renew it, and install a new chain certificate for it to continue working. However, note, that as of December 23rd... only IE users who have installed the most recent patch will see your certificate as valid.
Happy Festivus,
Paul
Wednesday, December 23, 2009
Monday, December 21, 2009
Campus Safety
Last spring, I made an entry about a security situation that arose near our campus housing that I did not agree with how it was handled.
Last Friday, a threat towards an unspecified instructor was left in one of our bathrooms. As a result, our school implemented its emergency team, and notified the local PD, who kindly sent three officers to patrol our campus for the day.
Unfortunately, the event happened the week before we launched our new Emergency Notification system (Blackboard connect for those who are curious).
However, we were able to spread the word quickly once we received direction. The committee was meeting, and it took some "ahems" to get into the room and get them to give us a statement to post on the website. Upon doing that, we also spread the word through our social media networks, campus email, and any other means we thought possible. The main reason is that rumors were starting to spread, and many students were getting frazzled by the unexpected police presence and searches going on as they entered class rooms. Additionally, some instructors were taken out of their class as a precautionary measure and replaced with another staff member to proctor the final exam.
Hopefully the incident was just an empty threat. I'm proud that the school did handle things in a much quicker way. There were a couple of issues, that I'll pass up the chain in hopes that next time we can spread word to students and visitors to the campus more effectively.
Merry Christmas, Happy Holidays, or Happy Festivus. Take your pick based on your religion!
Cya,
Paul
Thursday, December 10, 2009
Web Advisor Fix for "To Many Cookies" Javascript Error message
Like many schools we have experienced the Javascript error for to many windows open cookie error. Datatel advises that you remove or modify the code to fix the issue. For us, we deemed that as a workaround, and weren't willing to make the change (partially because every upgrade until they fix the issue will require to redo the workaround. Instead, I decided to look into the actual issue, and for a way to fix it.
First I'm going to describe what their code does and why it can be problematic, and at times it feels difficult to locate the source of the error. Then I'll tell you how we solved it, and give some recommendations on how other schools can fix the issue.
The Javascript that produces the error message counts the number of cookies in the current session. They have decided that if you have more than 18 cookies in your session, it is to many and thus, you receive the error message. Web Advisor by itself produces 16 cookies upon the session being generated.
Their code only examines the number of cookies, it does not check to see if the cookie actually belongs to Web Advisor or not. The reason why this can be an issue is how different servers can read cookies via hierarchical methods.
For instance... Lets say your user first visits http://myschool.edu. Our Website for this URL generates 11 cookies. Then you eventually log onto Web Advisor at http://webadvisor.myschool.edu. Upon entering your credentials, Web Advisor generates 16 cookies. However, webadvisor.myschool.edu can actually read cookies generated at myschool.edu. See Table Below for more details...
Similarly... this problem can manifest itself if you have an independent URL for your Web Advisor installation. For instance myschoolWA.com If you allow access to the site via myschoolWA.com and then at some point that user is switched to www.myschoolWA.com then the user may experience the to many cookies error.
Ultimately this issue is not a Datatel or WebAdvisor problem in my opinion. I believe the problem lies within the browsers allowing a subdomain to access cookies of a parent website. While it certainly has its uses it can also lead to Cross site scripting issues if you aren't careful. (Think student website under the myschool.edu domain.)
Remember cookies are in the control ultimately of the user. So depending on the users settings, you may not be able to delete cookies even if you tell it to do so. But by trying to avoid the situation above this should greatly reduce the number of users that receive this error message at your school.
Have a Merry Christmas and Happy Holidays to everyone!
Cya
Paul
First I'm going to describe what their code does and why it can be problematic, and at times it feels difficult to locate the source of the error. Then I'll tell you how we solved it, and give some recommendations on how other schools can fix the issue.
The Javascript that produces the error message counts the number of cookies in the current session. They have decided that if you have more than 18 cookies in your session, it is to many and thus, you receive the error message. Web Advisor by itself produces 16 cookies upon the session being generated.
Their code only examines the number of cookies, it does not check to see if the cookie actually belongs to Web Advisor or not. The reason why this can be an issue is how different servers can read cookies via hierarchical methods.
For instance... Lets say your user first visits http://myschool.edu. Our Website for this URL generates 11 cookies. Then you eventually log onto Web Advisor at http://webadvisor.myschool.edu. Upon entering your credentials, Web Advisor generates 16 cookies. However, webadvisor.myschool.edu can actually read cookies generated at myschool.edu. See Table Below for more details...
| mys.edu | wa.mys.edu | www.mys.edu | |
|---|---|---|---|
| mys.edu | XXXXXXXX | No | No |
| wa.mys.edu | Yes | XXXXXXXXXXXXXXX | No |
| www.mys.edu | Yes | No | XXXXXXXXXXX |
- Based on the table above if you are on myschool.edu it cannot read cookies for any its subdomains.
- If you are at webadvisor.myschool.edu it can read cookies for its parent domain, but cannot view cookies for any siblings (such as www).
Similarly... this problem can manifest itself if you have an independent URL for your Web Advisor installation. For instance myschoolWA.com If you allow access to the site via myschoolWA.com and then at some point that user is switched to www.myschoolWA.com then the user may experience the to many cookies error.
Ultimately this issue is not a Datatel or WebAdvisor problem in my opinion. I believe the problem lies within the browsers allowing a subdomain to access cookies of a parent website. While it certainly has its uses it can also lead to Cross site scripting issues if you aren't careful. (Think student website under the myschool.edu domain.)
Remember cookies are in the control ultimately of the user. So depending on the users settings, you may not be able to delete cookies even if you tell it to do so. But by trying to avoid the situation above this should greatly reduce the number of users that receive this error message at your school.
Have a Merry Christmas and Happy Holidays to everyone!
Cya
Paul
Subscribe to:
Posts (Atom)
Posts
