From: Ashley M. Kirchner

> From: Paul M Foster
>> The only reliable way to resolve this is to let the school
>> administration to handle it. Each registration would *attempt* to
>> register as a student, parent or whatever. Those attempted
>> registrations
>> would go into a "wait" queue. Meantime, emails would be sent to an
>> administrator whose job is would be to "bless" those registrations.
>> They
>> would check to see if a potential registrant was what they claimed to
>> be. You'd give them a page where the queued registration attempts
>> show up. And they would check the proper box for each potential
>> registrant. Once done, the registration would be completed, and in
>> proper category.
> Yeah, that would fall on our shoulders.  School administration won't
> this.  It comes back to the IT Department and we have to "figure it
> The problem is, while we can "bless" student registrations, we can't
> tell if the next one is a parent or not, or if it's a parent in our
> district.
> We do have another system in place, one in which we hand out 2 unique
> for each student at each school and parents pick those up.  Internally
> keys are matched to that student so we know who it is that's
> However, that requires a lot of front work to get those keys out.
> For this particular project, we want to make it as painless as
possible, but
> the more I think about it, the more I'm accepting the impossible
nature of
> it.

It all boils down to a simple risk assessment. Is the administration
willing to live with the possibility that students can masquerade as
parents and vice versa? And that strangers can masquerade as either? If
so, then a simple check box on the registration page will suffice. If
not, they will need to establish a manual authentication step as part of
the registration process and control that check box themselves.

Bob McConnell

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to