Scout tracking info

Discussions around miscellaneous technologies and projects for the general membership.
oscarschultz
New Member
Posts: 14
Joined: Fri Jan 19, 2007 8:13 am

secure web app

#11

Post by oscarschultz »

A questions for the web designers.
Since web transactions are basically stateless - What is the current preferred secure practice to pass information between web transactions? cookies, hidden fields, local storage into a database?


SSL will encrypt the data the last step. The in between step is the concern. Should I plan to seperate the web server from the database server?
Is the postgres encryption good enough or do I need additional paranoia steps to protect the data.
For a small app I'd prefer to keep everything on 1 machine. Once it scales up of course it will be time to split the web and db parts. About what size should that occur?

I don't know if this will ever work. It is just easier to ask the questions now rather than recode and redesign after the whoops.


thanks for the help
oscar
User avatar
thedqs
Community Moderators
Posts: 1042
Joined: Wed Jan 24, 2007 8:53 am
Location: Redmond, WA
Contact:

#12

Post by thedqs »

Thing with cookies is that they can be copied and another computer can "take over" a session. Now since you are using SSL that information is encrypted and using the standard 128-bit encyrption you are pretty secure. Seperate computers can be more secure in that the database server is locked behind a firewall that is inaccessable.

Now for a note, remember tom's post about not storing membership information on a server, even your own. I don't know how the policy would apply to the membership information that you have access to since technically you are downloading it to your own computer and running it for yourself. Of course if this doesn't affect the MLS or LUWS data then you are alright, from my understanding.
- David
User avatar
WelchTC
Senior Member
Posts: 2085
Joined: Wed Sep 06, 2006 8:51 am
Location: Kaysville, UT, USA
Contact:

#13

Post by WelchTC »

thedqs wrote:Now for a note, remember tom's post about not storing membership information on a server, even your own. I don't know how the policy would apply to the membership information that you have access to since technically you are downloading it to your own computer and running it for yourself. Of course if this doesn't affect the MLS or LUWS data then you are alright, from my understanding.
The policy currently only covers data that you download from LUWS or MLS. In other words do not take data that you have downloaded from the Church and then re-upload it to another 3rd party server. Obviously we provide the data for you to use but we ask that you not upload the data to another "shared" server. Basically you are under the obligation to keep the data secure. If you upload it to a third party, you lose your ability to keep it secure.

There currently is no policy about using web sites that ask for information to be entered in manually. Until a policy is formed, common sense and prudence should apply. I think what Oscar is asking for is help on how to ensure that the data people do input is kept very secure.

Tom
HansenBK
New Member
Posts: 34
Joined: Thu Sep 07, 2006 9:18 am

Security

#14

Post by HansenBK »

Standard practice is to usually have the web server and the database on separate machines, but this usually has more to do with performance, but can also be thought of as a security practice too.

Before I worried that much about architecting out separate servers, I would probably put some thought into where you are going to host this. If it is going to be a paid hosting service, they would probably have some recommendations or standards that they would want you to meet.

Honestly, and maybe I get stuck in architect mode too much, I am not really sure what you would be doing different if your database was on a separate box or not? What difference should it make to your code? I have had to revisit things going from a single box to a cluster, but that is a different issue.
nanderson75
New Member
Posts: 3
Joined: Fri Mar 23, 2007 11:53 am
Location: Oregon
Contact:

Scout Tracking Software

#15

Post by nanderson75 »

I have a website that I run called eTrailToEagle.com. We provide Duty to God and Scout Tracking modules. It works well on Mac as long as you use Firefox as your browser. We are writing it in ASP.NET 2.0 using MS AJAX 1.0. The Ajax pages don't work well in the Safari browser yet.

Nathan Anderson
www.etrailtoeagle.com
Tomj wrote:Tracking software sounds great! Is there any Mac Scout Tracking Software?

When I was a varsity coach tracking software would have been great! But it would have been even better if our whole scout committee could have access to the records through some sort or web-based interface that they could log-in to or something similar to that.

Is there anything out there that has this sort of functionality? It looks as if the above listed solutions are client only with the possibility of FTP upload.
scion-p40
Member
Posts: 259
Joined: Sun Apr 22, 2007 12:56 am

#16

Post by scion-p40 »

I have been my ward advancement tracker since March 2007. The only records that I was given were the pink copies of the advancement forms dating back to the 1970's and a brief troop history typed several years ago. I went through all of the pink forms and extracted data into an excel chart. However, it has holes. Apparently people other than the advancement tracker sometimes bought awards & those pink copies never made it into the file.

In May I gave the scout leaders a copy of each boy's new advancement record with a note attached that they contact me to provide missing data. No one has responded to date.

Getting folks to give me the completed advancement forms prior to the court of honor so I can buy the awards is hard enough. How do you get folks to contribute other info, such as leadership positions and participation in service projects, etc.? Or, do you just leave that to the scoutmasters to track? Also, how does an internet based tracking system protect the integrity of the data?
User avatar
thedqs
Community Moderators
Posts: 1042
Joined: Wed Jan 24, 2007 8:53 am
Location: Redmond, WA
Contact:

#17

Post by thedqs »

As for troop advancement software there is a comercial product that my old ward used was Troopmaster and it was very easy to keep track of advancements and what was missing from each boy.

Notice: Troopmaster is a commercial product and is not endorsed by the church and is only placed here as another option.
- David
User avatar
HaleDN
Church Employee
Church Employee
Posts: 44
Joined: Mon Jan 22, 2007 2:08 pm
Location: Herriman, Utah, USA
Contact:

Official BSA Advancement Web Site

#18

Post by HaleDN »

If you are looking for an official summary of advancement data, this site is available: https://scoutnet.scouting.org/iadv/UI/home/default.aspx It requires your unit ID, unit type, and unit number in order to create an account.

I'm not the advancement coordinator in my troop, but we have been using this to help make sure that the official records are up to date. This may help you piece together awards that were submitted but which you don't have a paper record for. However, the data for this site is only as reliable as what your scout council has updated it to be.

From the FAQ:
The Advancement Report lists each youth member that has new ranks, merit badges, and awards, if any.

The Unit Awards Summary lists the number of new ranks, merit badges, and awards by name.

The Advancement Update Summary lists any ranks, merit badges, and awards that were already in the member record but which were given a new date earned.
scion-p40
Member
Posts: 259
Joined: Sun Apr 22, 2007 12:56 am

#19

Post by scion-p40 »

Thank you for the responses. My ward isn't paying for any software, so Excel it will be. At least I can readily share the info with troop leaders this way.
ksroberts
New Member
Posts: 19
Joined: Wed Mar 31, 2010 8:41 pm
Location: USA

Tracking Duty to God and Scouts

#20

Post by ksroberts »

There are a zillion tracking devices on the internet. Nevertheless, we still look for something that meets our needs without trying/buying every option out there.

My interest is with the disconnects between the Duty to God and Scouting porgrams. The fact that many are still searching for tracking solutions indicates that we have not solved the problem. I chose to give up the tracking options I found online; instead, I opted to track everything in Excel where I could create my own formulas and put in a format that I can easily view on my iTouch.

The church really needs to re-assess the requirements in the Scouting an D2G programs. The two programs need to better mirror each other.

Tracking should not be this hard, and should not require leaders with years of experience or someone that is tech savvy. The two programs need to blend together.
Post Reply

Return to “Other Member Technologies”