Educause Security Discussion mailing list archives
Re: Information on Public website
From: Amber Weishaar <aweishaar () UINDY EDU>
Date: Mon, 23 Nov 2009 15:48:32 -0500
We have a searchable contact directory available on our public website. Visitors must enter at least three letters of an individual's last name for results to be shown *unless* the user's last name is only two characters. Then, only exact two-letter last name matches are shown. Each person is able to change his/her preferences for which pieces of information are shown to the public and which are shown via our authenticated portal. Amber -- Amber Weishaar Director of Web Services University of Indianapolis (317) 788-3239 http://www.uindy.edu On Nov 23, 2009, at 3:36 PM, Emery Rudolph wrote:
Its one thing to publish department information, but quite another to publish an individual employees information and title. The problem arises when spammers, vendors, head hunters, etc have free reign to contact anyone at will. This is more than annoying to the employee, because there is no filter from these types of contacts. While some employees may conceivably benefit from such exposure (academic advisors) other, behind the scenes employees (system administrators) would be inconvenienced by students seeking classroom assistance, when they should be routing those issues directly to their professors. Very Best Regards, Emery Rudolph Director, Systems Management University of Maryland University College 301-985-7447 http://www.umuc.edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Schaffer Sent: Monday, November 23, 2009 2:53 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Information on Public website At some point there has to be some method for persons/entities outside a university to contact persons within. I don't really see any problem with the publication of directory information such as this. Remember that Accessibility is also an important part of information security... Greg -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade Sent: Monday, November 23, 2009 1:48 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Information on Public website I was curious to know what other Institution's policy is regarding publishing Administrative Staff and faculty information on the University's Public website. The information includes Name, Title, Phone #, Location and Division. I my opinion this should be placed behind an authenticated portal as it maybe be used for Social engineering attacks. Does anyone see potential privacy concerns ? Any other opinions ? Thanks Anand Seton Hall University.
Current thread:
- Information on Public website Anand S Malwade (Nov 23)
- <Possible follow-ups>
- Re: Information on Public website Greg Schaffer (Nov 23)
- Re: Information on Public website Moore, Frank (Nov 23)
- Re: Information on Public website Pete Hickey (Nov 23)
- Re: Information on Public website Greg Schaffer (Nov 23)
- Re: Information on Public website Hugh Burley (Nov 23)
- Re: Information on Public website Emery Rudolph (Nov 23)
- Re: Information on Public website Amber Weishaar (Nov 23)
- Re: Information on Public website Brian Epstein (Nov 23)
- Re: Information on Public website Sarazen, Daniel (Nov 23)
- Re: Information on Public website John Ladwig (Nov 23)