Security risks exist in any online environment. CourseFeed takes appropriate and
industry-standard measures to protect the security of its systems and
the systems with which it integrates. The security risks associated
with using CourseFeed depend on the version made available at the
institution. This document details the security measures CourseFeed
takes to protect information.
Plug-in Version
Deploying CourseFeed as a plug-in is very safe. Areas of interest are
the plug-in, the “CourseFeedGateway” user account, data transmission,
and database storage.
CourseFeed Plug-in
The CourseFeed plug-in is installed on the school’s learning management
system server and, when called, emulates individual users, one at a
time, to access course content. The plug-in must be called to run and
can only be called when presented with a secure digital signature. That
digital signature is presented to the CourseFeed plug-in by the
CourseFeedGateway and is only accessible by ClassTop, Inc. employees
who are required to have access to perform their jobs.
CourseFeedGateway User Account
The CourseFeedGateway user account is set up and maintained by the
school and should be given no rights in the learning management system
beyond just existing. The CourseFeedGateway user account should not be
enrolled in any courses. The purpose of the CourseFeedGateway user
account is to call and run the plug-in. Because the plug-in requires a
digital signature to run, if the CourseFeedGateway user account
credentials are compromised, security exposure is minimal because the
credentials do not grant the user access to call the plug-in or
access any course content or data.
Data Transmission
Data is transferred from school servers using SSL encryption and deposited in the CourseFeed database.
Database Storage
All course information and data for students using CourseFeed is stored
in a database behind an industry-hardened firewall at a commercial
Internet Service Provider.
Screen-skimmer Version
There are three stages of the flow of passwords through CourseFeed.
Each stage uses the strongest protection available. The stages are as
follows: client browser to CourseFeed; database storage; CourseFeed to
the online content system.
Client browser to CourseFeed
Within the web page itself, using JavaScript, the user's password is
encrypted before being sent over the Internet. This protects the
password from being discovered by “packet sniffers” that analyze
network traffic and the messages it contains. The encryption algorithm
used is RSA public-private key with 1024 bits. The public key is used
to encrypt the password while the private key is the only way to
decrypt it and it is never transferred outside of the company. This is
commonly recognized as one of the strongest ways to protect data.
Database Storage
Once the password is received from the browser, it is re-encrypted for
storage in the database using additional measures to provide layers of
protection. The password is encrypted using a secret value from a
configuration, a code-embedded value, and a time-generated value.
Thus, a hacker would have to crack three values, each protected and
located separately. This method is known as Rijndael/AES with 256 bits.
The database is stored behind an industry-hardened firewall at a
commercial Internet Service Provider.
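The storage scheme described above, sketched as an added example (not CourseFeed's code, which this document does not show). It assumes the three values are combined with HKDF-SHA-256 into one AES-256 key, that AES-GCM is the mode, and that the time-generated value is stored with each record; all names and sample values are constructed.

```javascript
// Added example, not CourseFeed code. Assumed: HKDF-SHA-256 combines the three
// values, AES-256-GCM is the mode, and the time value is stored per record.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();

// Derive one 256-bit key; hashing each secret first avoids ambiguous concatenation.
function deriveKey(configSecret, embeddedSecret, timeValue) {
  const ikm = Buffer.concat([sha256(configSecret), sha256(embeddedSecret)]);
  const key = crypto.hkdfSync('sha256', ikm, String(timeValue), 'stored-password', 32);
  return Buffer.from(key);
}

function encryptPassword(password, configSecret, embeddedSecret, timeValue) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const key = deriveKey(configSecret, embeddedSecret, timeValue);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return { timeValue, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when any of the three values is wrong
// (the GCM tag check fails, so a wrong key never yields garbage output).
function decryptPassword(record, configSecret, embeddedSecret) {
  try {
    const key = deriveKey(configSecret, embeddedSecret, record.timeValue);
    const d = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values, for illustration only.
const CONFIG = 'config-file-secret-sample';
const EMBEDDED = 'code-embedded-secret-sample';
const record = encryptPassword('hunter2-sample', CONFIG, EMBEDDED, 'sample-timestamp-0001');

console.log(decryptPassword(record, CONFIG, EMBEDDED));          // correct values
console.log(decryptPassword(record, 'wrong-config', EMBEDDED));  // one value wrong
console.log(decryptPassword({ ...record, timeValue: 'other' }, CONFIG, EMBEDDED));
```

If the time value sits in the same database row as the ciphertext, as assumed here, it works as a per-record salt rather than a secret, so the protection rests on keeping the configuration and code-embedded values out of the database.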
CourseFeed to the Learning Management System
From CourseFeed to the online content system server, the same
methodology is used as from the client browser. Typically, this is SSL.
Human Considerations
Any database can be accessed by system administrators or other
employees with access. This is true at the school, at a hosted site, and
at ClassTop (maker of CourseFeed). ClassTop limits access to
the database, runs background checks on employees, and contractually binds
employees not to divulge any methods or values kept. This helps ensure
the security of not only the passwords, but the data the password is
meant to protect.
The methods discussed here are considered to be the industry standard and
are widely used. ClassTop and CourseFeed utilize these methods to
protect all aspects of the user's and school's data.
Effective Date: December 20, 200