FAQ Topics

General

Eligibility

Registration

Security/Privacy

Technical Info

Problems

Questions and Answers / FAQ

Security/Privacy

Q: How is access to the site controlled ? 
A: All sections of the Site except the Welcome page, the Contact page and these FAQ pages are viewable only by registered Alumni.  You identify yourself via the Userid which you have obtained during Registration, and the Password you have picked at the time.  You can optionally use your e-mail address as your userID, as long as it unique (if, for example you and your spouse - who is also an alumna - share an e-mail address, you will not be able to use that address as an ID).

Q: What will you be publishing on the site in the future ? 
A: In the plans are a general-purpose bulletin-board where Alumni can ask questions, and an Archive section where old photos and other documents will be made available for browsing.

Q: What information is in the directory ? 
A: A member's directory entry contains as many or as few items of information as the individual wants.  At a minimum, you must provide your first name, last name, a primary e-mail address, either a primary telephone number or an alternate e-mail address, the city, province and country where you live and your starting and ending dates at CP.   There are many other items of information which you can optionally provide.

Q: What is shared among other alumni ? 
A: The profile items that most affect your privacy (e-mail addresses, phone numbers, home street address and postal code) are private by default. Some of them must be known to the organizers of the site for contact purposes. You may make them public to other alumni by explicitly saying so when you edit your profile.  Most other items, which are of interest to the alumni community at large, are public by default, i.e. if you specify these items, they will be public to your fellow alumni. 

Q: What is visible to the general public ?
A: Nothing.  You have to be an approved, registered alumnus or alumna to view the directory.  Each person has a personal userid and password to enter the private portion of the site.  The public portion of the site consists of the Welcome Page, this FAQ and the Contact list. 

Q: How is  my password be kept secure ?
A: Your password is kept in a server-resident database in one-way encrypted format.  Nobody, not even the webmaster, knows your password, and it is mathematically impossible (or hugely unlikely) to reconstruct the clear-text password from the encrypted version.  If you lose it, human intervention will be required to provide you with a new temporary password, which you will then have the change the first time you log-in to the site.

Q: What if I don't remember my password ?
A: You are given a maximum of 3 bad password tries, after which which your account will be locked out and you will require manual intervention (and a bribe, a food offering or equivalent) to regain access.  During registration you can provide a password hint which you can request during log-in if you don't remember your password.  This hint should mean something to you only.  If your hint doesn't help you you will have to contact info@cpisalumni.org for help.

Q: Is any private information kept on my PC (Cookies) ?
A: Emphatically no! Once you have successfully logged-in, you are said to have opened a "session". A session token (a 32-character cryptographically-random number) is stored as a temporary browser session cookie on your computer.  This token is used to access session-control parameters stored in a secure location on the web server; possession of the token alone cannot be used to hijack a session.  Please note that we use a special cookie type called a session cookie, which will not persist between browser sessions: you shut off your browser, bye-bye goes the cookie.  If you have a fear of cookies, please read: http://www.internet-tips.net/Security/cookies.htm and http://www.internet-tips.net/Security/cookies_fear.htm

A Log-out  command is provided to destroy all traces of the old session and delete the cookie. It also prevents any history entries on your browser from re-establishing a session (via re-sending POST data) without someone having to enter an id and a password again. Finally, the Log-out command forces a re-login if an attempt is made to view any pages accessible through the browser's back button.  Use that command !

Q: How do I know when I am logged-out after hitting the Log-out button ?
A: When you are logged-in your name will appear in the top header bar; when you are logged-out, the header bar will not show a name:

Logged in:
Logged-out:
As well, the Log-out option on the section bar will be replaced by the Log-in option.

Q: Is my data encrypted along the wires ?
A: No.  We are not using SSL or similar technology (i.e. you will not see a closed padlock on your browser during CPISALUMNI sessions).  It was a  cost .vs. privacy requirement decision  This site will contain no high-security or high-privacy information.

Q: Is this site hosted on a Microsoft Windows platform and/or Microsoft IIS Web Server ?
A: No.  CPISALUMNI.ORG is hosted on a Unix platform running under Apache as a Web Server.

Q: You use PHP as a DHTML scripting engine.  I read bad press about this lately.
A: You may be referring to the PHP File Upload vulnerability.  We are aware of that vulnerability.  The combination of the server Operating System and the version of PHP we are running are not among the combinations which are open to this vulnerability.

Q: What about the use of the CPISALUMNI Directory for SPAM ?
A: The directory is not accessible to the general public.  There is always the possibility of a rogue fellow-alumnus going through the directory and collecting e-mail addresses for SPAM purposes.  Each person getting a CPISALUMNI ID and password will have to agree to abide by a set of rules. One of these rules concerns the use of fellow alumnae's e-mail address for commercial or other undesirable purposes.  If you are paranoid about this possibility, then do not make your e-mail address visible to your fellow alumni.