Question about creating a Pack web site...

[Oakville Tim]

Hi to all,

 

I am our Pack's Cubmaster effective with our Blue & Gold banquet -- our CM, ACM and CC all are 'graduating' with their sons.

 

The mother of one of our Wolves/going into Bears has pledged to tag-team in the CC duties. She is very skilled with computers, from what I am told (I have had just one conversation, very pleasant, with her), and she has already pledged to start a monthly newsletter.

 

My question is: For Packs that have a web site, how is the site content kept secure, available to member families only? What is the trick to preserving the security of a password?

 

(I am thinking here of the movie, 'War Games,' and how the Matthew Broderick character easily finds the password for the school's computers so that he can change his and Ally Sheedy's letter grades. Obviously I would fear such a 'hacking' event greatly.)

 

Maybe some of you who have a Pack web site can weigh in on whether it truly is valuable to your families.

 

What good guidance can you give me?

 

Thanks much!

YIS,

OT

 

 

[EagleInKY]

The level of security required is directly related to how much confidential/sensitive information you are going to include in the secured area. If the information contained in the secured area could easily be obtained by attending a pack meeting, then the required security is less than if you are going to include lots of contact information, details about den activities, etc.

 

But, in general, here are a few dos and don'ts off the top of my head:

 

DO:

- Have each family initialize their account. You can do something such as require them to know the last name and telephone number of a member, or something to that effect. A more secure method is to preassign a PIN number that you give them.

 

- Monitor new accounts as they are set up. Notitifications should go to the administrator (you or someone who knows who is in the pack) to delete anyone who has "hacked" in.

 

- Associate the registration to a member. That way, if a family leaves the pack, their access goes away the next time you update the database.

 

- Have password standards (at least six chars long, contains a number, can't be a substring of the userid/email, etc).

 

- When an account is set up, send an e-mail to the registered address with an activation code. The users should not be able to access the site until it has been activated.

 

DON'T

- Rely on public information as your only requirement access, such as phone numbers, addresses, last names, etc.

 

- Pre-assign access and assign passwords like the first four characters of your last name.

 

- Share a common userid or password.

[spinnaker]

Hi- I have been involved in meetings lately where such issues are dissussed.

I like the internet and applaud anyone trying to get a site up. That said...

1. Have you looked at the Council Website standards ? http://www.scouting.org/webmasters/standards. Though you have a unit site theses are good guidelines.

2. Because of lots of unknowns...people move, or just leave scouting with little notice. I don 't like to leave important things to just one person . maybe its better to go for less security and store less sensitive info. For example , for my troop I may e-mail advancement info, or a phone # or ??? However on the internet I will only give the scouts first name.

3. I'm not smart enough to set up a good security system so I abide by #1 and 2

 

Good luck

[SemperParatus]

I would do whatever EagleInKy just said (of course, I have no idea what he just said...although it sounds really good). He is, afterall, a professional.

[KoreaScouter]

I wouldn't put anything sensitive enough to warrant password protection on a web site. Ours is mainly a repository for forms, calendars, reference material, and general unit info for people looking for a unit. If you throw up too thick a firewall, it may keep people out who may not be unit members, but want to get to know you or just get contact info.

 

For unit specific stuff, advancement info, etc., you can always do PackMaster on the Web, separate from your web site, that allows people you identify to view, update, and work with that information.

 

KS

[insanescouter]

My suggestion to you is assume anything you put online some one will get a hold of and use in a way you disapprove of. Thus a Pack Website should be viewbale to the world and have normal content like pictures, a calendar, a email to contact an adult, etc. No Unit web site should ever contain senstive data like Scouts full names, unit roster, phone numbers, etc. Hope this helps.

 

InsaneScouter

www.insanescouter.org

webmaster@insanescouter.org