I have a very unique request. I would like to be able to reset all the passwords of a particular role on my site nightly. I would like to be able to have this be an automated task, maybe run as a nightly script.

Why do I need this?

I am working with K12 classrooms where we would like students to be able to blog, use forums, and add images to the site. We would like other students in the class to be able to view each others work. we do NOTwant other people outside the classroom to view this work so trusting students not to share their passwords with other people is not an option. Essentially this is a space to be used in the classroom only. I thought about figuring out a way to restrict access by IP, but there may be the need to have some public access to the site (restricted access for parents to view their student documents and teacher blogs) so restricting access via IP would not work.

The password changing would work only if it could be change automatically and only if the instructor would be able to get the new passwords each morning so they could give them to the students when they needed to work on the site.

This is kind of a crazy idea, but I think it might make the sight a little more secure for younger students.

Comments

westwesterson’s picture

westwesterson commented

this probably shouldn't be a core feature, but should be a contrib module.

ChrisKennedy’s picture

ChrisKennedy commented
Status: Active » Closed (won't fix)

Yep, contrib module. You would probably want to pay someone to develop this functionality.

mianghe’s picture

mianghe commented
Version: 5.5 » 6.3

For a code that autogenerate passwords you can review http://drupal.org/node/222834

-Anti-’s picture

-Anti- commented

I've not used it myself yet, but would it be possible to use organic groups for this?

Everyone has their own account as normal, and maybe you want to set up some minimal access for auth users.

But for the work you mentioned above, in the morning you invite some users into the group(s), they
do their work in the OG, and then you exclude them all from the group(s) afterwards. Access will be closed
until you invite users back into the group(s). From what I understand of the organic groups module,
I don't think this is an unreasonable scenario.

Another way of doing a similar thing might be the 'TAC lite' module, which lets you lock content dependant on a combination of taxonomy and user-role. For instance, you can put your students in a certain role, and in the morning attach a 'private' tag to that role so they can work with the content, and at the end of the day detach the tag from the role so the tagged content becomes private again. (of course, all content would need to be tagged 'private').

You might also want to look at the 'node privacy by role' module, but I think this is probably too refined.

On a side note, you know that is really difficult to protect uploaded files don't you? You need to move the upload folder to above your public_html directory. However, this then breaks quite a few media and file management modules.

> so trusting students not to share their passwords with other people is not an option

Trust, etiquette, safety and responsibility on the internet is something that is taught. At some point these students will be in the real world and will have to deal with it all. Are you sure that your class isn't an appropriate place for to help them to learn some of that, and give them some practice at it?

Also, I would add, no amount of security you instigate will offer 100% protection. I hope you have obtained the necessary written permission for these students to publish work and media on a website, and have a clear website policy and ToC for them to follow, so if any of them does hack, or get hacked, or experience cyberbullying or unwanted contact, that you are not the fall guy, and that they can't turn round and say 'I didn't know I wasn't supposed to [insert antisocial behaviour here]'.

Lastly, do you know about Moodle? Moodle is really designed around the permissions and security that schools need. Rather than trying to make Drupal do things it wasn't designed for, Moodle might be a better starting point. I think there is a login bridge available too, as long as the moodle username is the same as the drupal one.

Cheers.