Arnoldians Online Security and Technical Detail
1. You will receive a unique username and password. These will arrive in two separate emails.
2. Two emails from the same source may be considered as "SPAM" by some systems so please check and ensure your system accepts the Arnoldians Online URL as a safe sender.
3. a. The system supporting Arnoldians Online is called web ALUMNUS, a powerful membership management facility developed by Abattia, a London-based specialist software company. Arnoldians Online incorporates Abattia's innovative data privacy technology - "The Consensus Wrapper", which enables us to offer you a secure service according to your preferences for the disclosure and use of your personal data, while allowing us to comply with privacy regulations.
b. The system will protect your rights over the data it holds about you. You will be able to control which data are held on the system, and whether these data are visible to other users.
4. The Arnoldians Online system will ensure that we handle your personal data in the way that you specify.
5. Arnoldians Online keeps track of how, and by whom, it is used. When signing on for the first time, all users must agree to clearly stated terms of use, which are monitored and strictly enforced.
6. The system will operate from dedicated servers protected by an industry-strength firewall, which will be monitored and updated continuously.
7. the most recent update in September 2008 is repeated below and includes some technical detail on URLs and SSLs.
128 bit SSL Encryption Now Included on Logon and Password Change Pages
Firstly, what is SSL?
SSL stands for Secure Sockets Layer and is a security protocol that has become the standard for exchanging confidential information between a web server and a client PC. When a browser connects to an SSL server (in this case, the web ALUMNUS server), it automatically requests that the server provides its digital "Certificate of Authority" (CA). This digital certificate positively identifies the server's identity to ensure that you are not sending sensitive data to a hacker or phishing site. The CA is issued by a "trusted authority" and also contains information about the domain and a digital signature. Once the connection to the site is complete, all data submitted between the server and client machines is encrypted and cannot be read "en-route".
An Important Note About URL's
What is a URL?
A URL is a Uniform Resource Locator and is the web address that you type into a browser to load a web page. For example, the URL of the BBC home page is http://www.bbc.co.uk . The first part of this URL indicates the type of content that the page contains. Most websites use http (Hypertext Transfer Protocol) as their prefix. However, sites that utilize SSL will commonly have a URL that starts https (Hypertext Transfer Protocol over Secure Socket Layer). This means that all web ALUMNUS sites will now have this https prefix to their address. However, when implementing the SSL protocol into web ALUMNUS, we had to ensure that your previously notified URL would still function without intervention. This is the case, so if your original web ALUMNUS URL was:
http://www.webalumnus.com/userlogon.asp?oid=12345 (the number is your unique web ALUMNUS user number matching your Username and password)
This will still continue to function correctly. However, you may notice some differences:
1. A Security Information dialogue box may appear when loading the page:
This box may appear (depending on the browser settings), to inform the user that it is trying to load an SSL page that also includes non SSL data. In the context of web ALUMNUS, non SSL data could be images or other standard http data. It is safe to click Yes at this point - clicking No may result in undesired effects (images not loading etc).
2. The URL for your website changes to take account of the new SSL functionality.
In previous versions of web ALUMNUS, the URL that appears in the browser window once the home page has loaded always changed. Using the URL above as an example, once loaded, this would have previously displayed as:
http://www.webalumnus.com/wa/userlogon.aspx?oid=12345
In this SSL enabled version, the URL will now display as: https://www.webalumnus.com/wa/userlogon.aspx?oid=12345
You will notice that the only difference between the 2 is the inclusion of the "s" at the end of the http prefix. This s is a direct result of the introduction of SSL on the logon page. Whilst your original URL for web ALUMNUS will continue to function without amendment, it is therefore possible that some may have "bookmarked" the original changed URL, and attempt to use that to connect to your web ALUMNUS site. This will not work, and will result in the following appearing in the browser:
(The above has been taken from Internet Explorer 7 - other versions or browsers may display slightly different text).
Although this may look alarming at first, this message contains the required action a user needs to take to gain access to the website. Simply ensuring that the URL starts with https, rather than http will correct this problem. Some users may have bookmarked the original "changed" web ALUMNUS URL, rather than the standard URL originally issued - using this will mean that you may get members who receive the above error when trying to reconnect. In addition, if you call your web ALUMNUS site from another website (eg: your organisations main web site), you may wish to check the link used.