I like the idea of being able to send official transcripts via pdf over email, however, without encryption or other security protocols most accredited institutions will not accept these electronic transcripts as official. I am currently working on a bodge to the odt file for my custom transcript to see if I can automate the process in Openoffice.org so that the pdf generated is encrypted, but I don't think that it will work. If this does not work, then I will continue to export the document to a pdf and encrypt it myself, not using the automated feature.
Date
Votes
7 comments
-
Brendan O'Donnell Official comment 11/6/18: We added encryption options to PDF transcripts. Read about 'em here.
A couple updates to this comment—see the items in italics.
@Benjamin... If you enable web transcripts (in Academics > Settings), the email-a-PDF version of transcript requests doesn't include the file itself. It sends an https URL from which the recipient can download the PDF. Every part that Populi handles is encrypted; as with all things, the only weak spot would be what the recipient does with the URL (forwards to others, posts it on Twitter for some reason, etc.).
If you do not enable web transcripts, the PDF transcript is indeed sent as an email attachment. Provided you're keeping your email account secure and are responsible with the transcript file, the above still applies.
So, although the PDF itself is not password-protected, it is nonetheless cloaked in an encrypted system that's a lot more technically secure than the password protection available for PDFs.
If you have something we can look at from an accredited institution requiring that the file itself be encrypted, we'd love to have a look at that!
-
Benjamin Olson Brendan, Thanks for getting back to me so quickly. I do not have an Academics > Settings tab. I do not see the setting under Academics > Transcript Requests > Settings, so I will assume this is a tab that I do not have permissions to see. I apologize if that setting was there and I did not see it.
I would still recommend further closing the loop, however. Again, I apologize if this is available, but I did not read it in the documentation. Once that link is created, how long is the URL available? Indefinitely? A week? How many times can it be opened? Is it possible to limit that number? I still believe the best way to make that link secure is to add password protection. The password itself could be sent along with the email and prevent anyone who may be data-mining or sharing URL's from opening the URL without permission. Maybe I am being a little overprotective, but if there is anything I have learned in the Registrar's office, it is that you can never be too protective of the students' academic information.
Thanks.
-
Brendan O'Donnell 11/6/18: We added encryption options to PDF transcripts. Read about 'em here.
Benjamin, Academics > Settings is available to Academic Admin users (I'm guessing you max out at Registrar). A couple things about the URL for the web transcript:
- The URL is around indefinitely at this point. But we're planning a round of improvements to Transcript Requests, some of which concern the URL—we're batting a few ideas around like expiration dates for the URL. I'll make sure to note your concerns on that task for our developers.
- The URLs themselves are pretty complex and all but "unguessable"... there are something like 655,360,000,000,000,000,000 possible combinations for a given transcript URL—per Populi customer (so multiply that by around 300)—and a "lag timer" that kicks you out if you try to "brute-force" guess the URL. Hacking or data mining the URLs is all but untenable.
We did think about adding passwords, but it's all but impossible to get around the same basic human error problems you might encounter with the emailed URL—people are careless, mistakes happen, etc.
All that said, we certainly share your protective instincts, and we'll talk about what you bring up here as we get to work on that upcoming round of transcript request improvements.
-
Adam Sentz Just a point of clarification: Web transcript URLs can be deleted from Transcript Export History dialog.
-
Kirk Fatool While I'm sure the URL is very secure. There is consumer perception to consider. When we receive electronic transcripts they require logins, explicitly warn they will expire, etc. It all *seems* very secure even though I could simple email the transcript to whomever I wanted to. Something to give transcript recipients piece of mind would be good. Maybe a page at the start of every transcripts that says something to the effect of,
"Populi has encrypted this PDF SO HARD! Please don't fret"
-
Sarah Bierle Check out the release notes in regards to the new encryption process.
Nice work, Populi! Thanks for upgrading the process.
-
Adam Sentz @Sarah - Thanks for catching that!
Please sign in to leave a comment.