Answer the question
In order to leave comments, you need to log in
Access protection in the system of online testing / examination of students?
Good afternoon.
For quite a long time now, I have been developing and supporting an online testing/examination system for students for several Moscow universities.
At the moment, access to the test or exam is issued in the form of a login / password pair to each student immediately before the start of testing. Such a system has its drawbacks (for example, cards with a login and password must be printed and cut in advance - there is no guarantee that the login and password will not be given to any student in advance so that he can take the test from home at the appointed time. This remains on the conscience of the testers, who are by no means always professors - very often they are assisted by laboratory assistants, who are the same students).
Therefore, it was decided to modify such a system.
The first thing that came to my mind was the integration of the exam itself with a personal account, access to which is given to each student once, with checking whether the student is in the exam room using an SSL certificate (if the certificate is not installed on the client machine, the student will be prompted go to the appropriate room to start testing).
Such a system would be quite convenient both for students (you need to remember your login / password once) and for teachers (the list of examination rooms is set by the administration, you can select a specific room, the student sees in advance in his account in which room and when he will take test). Plus plays the ease of deployment of such a system.
However, the SSL certificate from the desktop can be exported and taken out. And here it becomes not very clear how to defend against it.
It is certainly possible to check the IP address, but only as an addition to the certificate, and this will not be a 100% guarantee that the student is in room N. Plus, this requires tight integration with IT departments, which can be problematic.
There was an idea to organize a trail. way - somehow connect the workstations through the server in the classroom, and check this server already. But again, it is not clear how to implement this in practice, plus, again, there is no guarantee that the certificate / token will not be stolen / taken out.
What do you advise? Has anyone faced a similar issue? Is there anything to read on this topic? Any answers or just thoughts on the topic will be glad.
Thanks in advance!
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question