Security Considerations and Precautions
Balancing security, usability and functionality is always a challenge. The following items are steps we
have taken and considered when developing this site and tradeoffs of security, development resources
and usability. In short, this is why we believe this site is good enough for us, for now.
- How secure is CU*Answers Board Sites?
- While reasonably protected, the server hosting this site is not internally rated for private data. The
website is hosted on secure server.
- What are the password policies?
- The website follows standard username and password security procedures. Each board member
and support staff has been issued unique credentials and are responsible for keeping them secure.
The site does employ a self service retrieve forgotten password feature.
- How do my board members register?
- The site does not allow new user registration. New members can be added by the board admin.
- Does CU*Answers Board Sites use encryption?
- The website currently utilizes SSL encryption. That means usernames, passwords and
content are all transferred over the Internet encrypted.
- Can other users access my boards’ documents?
- As with all websites, binary files in the document root can be access directly, bypassing the
username and password security, if the attacker knows or guesses the direct URL. This is a
requirement of websites in order to serve the file to the web browser. While there are methods of
remediating this attack vector, the implementations are not as fluid or fault tolerant. Binary files
include PDFs and other media files.
- How private is this site, can you search for it?
- This website is not being submitted to search engine indexing, though may be discovered