University Hosted JATOS Server

edited April 2020 in JATOS

I am currently trying to get my university to host a JATOS server. I have a meeting with the IT department later this week to discuss some possible concerns they have about data privacy, user access, etc. Anyone who has additional information on the questions below, your insight would be extremely helpful!

  1. If my university hosts a JATOS server, will users log directly in to JATOS, or through the University? (For example, when I log into my university Qualtrics account, I have to log in to my school with my university username and password and it takes me directly to my Qualtrics homepage...I do not have a separate Qualtrics login) - Is this something that is/can be done with a proxy in front of JATOS?
  2. If the above is not true, and users log directly into JATOS, can the university force a password reset for users every x months? I know that password requirements can be changed (i.e. length and strength), but can they be forced to change? (I assume this is just a programming thing, which I do not know much about, so if it is, does someone know how to program this?)

If anyone has run into other questions/problems with getting a university to host a JATOS server, please let me know what other concerns were shared, if you know. Thank you!

-Elisabeth

Comments

  • This is the reply I received from Elisa on the Google group for anyone who is interested:

    1. Right now JATOS is its own system, with its own login. In the next release (ready in about 2-3 weeks) we will add LDAP so that the JATOS login will be paired with the central university accounts. But (for now at least) the JATOS admin will need to create a new user by hand for everybody that wants to use JATOS.

    2. 1. is true, so that takes care of forcing password reset.

    Additionally, here's a roughly-written list of security-related details that your IT might ask about:

    - JATOS uses safe, battle-proofed technology

     * Java/Scala (strongly typed) running on JVM + MySQL/H2 database

     * Play framework (latest version)

       - e.g. Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks are blocked (https://www.playframework.com/documentation/2.7.x/SecurityHeaders)

    - JATOS got a bunch of security improvements in version 3 (http://blog.jatos.org/Hardening-JATOS-Security/)

     * Most importantly: User session makes session hijacking very difficult

     * Account lockouts after inactivity or several failed tries

     * Added security headers (e.g. one of those headers for instance prevents clickjacking with Iframes)

    - JATOS prevents SQL and HTML/JS injections

    - JATOS does not store any passwords in the database (hashes only)

    - JATOS plays well with all reverse proxies (e.g. Apache, Nginx, Traefik)

     * Add encryption.


    Rather importantly: 

     * It is possible to restrict access to the most vulnerable pages, meant for the experimenters only (i.e. controlling the GUI, uploading studies, accessing result data, etc), to an internal network (e.g. institute network) - while still allowing external participants to run the experiments.
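
An added example, not part of the thread and not taken from JATOS' own documentation: one way the last two points of the reply (a reverse proxy that adds encryption, and experimenter pages limited to an internal network) could look in Nginx. The host name, certificate paths, backend address, network range and the `/EXPERIMENTER_PREFIX/` path are all placeholders to be replaced with the values of the actual installation.

```nginx
# Added example. Every concrete value below is a placeholder:
#   jatos.example.edu      public host name of the server
#   127.0.0.1:9000         address where JATOS listens behind the proxy
#   /EXPERIMENTER_PREFIX/  URL prefix of the experimenter pages (GUI, uploads, results)
#   10.20.0.0/16           internal (institute) network

# Plain HTTP is only used to redirect to HTTPS.
server {
    listen 80;
    server_name jatos.example.edu;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name jatos.example.edu;

    # "Add encryption": TLS is terminated at the proxy.
    ssl_certificate     /etc/ssl/certs/jatos.example.edu.pem;
    ssl_certificate_key /etc/ssl/private/jatos.example.edu.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Overwrite (do not append to) forwarding headers so a client cannot spoof them.
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Experimenter pages: reachable from the internal network only.
    location /EXPERIMENTER_PREFIX/ {
        allow 10.20.0.0/16;
        deny  all;
        proxy_pass http://127.0.0.1:9000;
    }

    # Everything else (participants running studies) stays publicly reachable.
    location / {
        proxy_pass http://127.0.0.1:9000;
    }
}
```

The `allow`/`deny` rules match the address of the connecting peer, so if a university load balancer sits in front of this proxy, the real client address has to be restored first (for example with Nginx's realip module, trusting only that load balancer) or the restriction will not work as intended.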
