I am in the initial proving phase of setting up the website and exploring options for loading classmate's basic data in readiness for the initial launch. However, my university is struggling to give me a classlist because once it's loaded, the general public will be able to see the all classmates names listed in the website. They are OK with registered/active names being displayed. However, they are uncomfortable with the names of classmates who haven't yet registered being displayed.

What are my options for addressing this? Or setting security options so that only registered/active names are visible to the general public?

There are a whole variety of security options here based on your own specific situation and what your needs are. You can set a combination of things anywhere from low to medium to high security (such as the New Classmate Verification feature you'll find under your Preferences link). What you'll generally find is security comes with a cost -- and that cost is more time spent by the Administrator. That's fine, and a very normal part of the process if your situation falls into one of requiring higher security, which it does.

In your case if you want to hide the Classmates' names you just need to password protect your Classmate Profiles page. That way only registered Classmates can see that page. Of course, the way you join the site is by going to that page and clicking on your own name, so people aren't going to be able to do that without being provided your "system password" (which you can set by clicking on Edit Site Pages) in advance. When you password protect your Classmate Profiles page there are a couple of ways you can go here:

1) Use your Email The Class feature to broadcast out to all Classmates your system password, and tell them about your site, tell them how to join by clicking your Classmate Profiles link, and tell them they'll need the system password to get in.

2) Wait for people to find your site. One by one they'll have to write in and request the password, so generally if you have a good collection of email addresses in advance I'd usually go for #1 above instead.

FYI, there is no way to join the site without clicking on your own name that has been pre-entered by an Administrator. This can take a little time to set up in advance, and clearly running the system with the join page password protected is going to lead to more work for you, but believe me when I tell you it's a far better structure than one where anyone and everyone can just come into the site and start joining up. Your work in getting past the initial "join hurdle" will be well worth it, and you'll wind up with a more secure, more successful site.

And one final FYI: I don't generally recommend password protecting the Classmate Profiles page. All you can get there is a list of names -- no personal details or anything else. Finding out where somebody attended school is incredibly easy to do outside of seeing somebody's name on a class list on a class web site. Thus in reality you're not really securing very much by password protecting the Classmate Profiles page. But, like I said above, every class has different needs and requirements, so if that's something you're needing to do to fulfill those requirements, that option is there for you.

Hi Steve,

I recently had to step up the security level after a spate of idiots pretending to be someone whose name they saw on the Classmate Profiles list. As some of my names went back 60+ years it was always going to be difficult to confirm identities. In the end I opted for the Classmate Verification feature. As Brad says, the process is a little longer but, since using it I'm more confident that the people who are registering are who they say they are. When I add a name to the list I also send an e-mail to the applicant explaining what questions they MUST answer on their Profile and that they won't receive access to the password-protected pages until I'm satisfied. Those who still try to register in the hope that you have no records to check their name against, or in the belief that you wouldn't know whether they went to the school or not,often lose interest if they have to go through the verification process and you take your time doing it. I believe this has happened to me a few times when I've taken a while to check with other Classmates whether they recognise the name or when I've weighed up the chances of the applicant being genuine. The delay gets the applicant suspicious and they lose interest.

The only names on my Classmate Profiles list are those who have already registered and been verified, and those which have just been put there by me at someone's request, awaiting completion of their Profile (which I'll only allow them a few days to do before I remove the name - genuine applicants will ask again) and verification. With that in mind there is no need , as Brad says, to password-protect the Classmate Profiles page. I did make a point of password-protecting pages where browsers could find names they could possibly make use of elsewhere. A page like the In Memory page is one of those as it's open to abuse by identity thieves who'll use a deceased person's name to obtain birth details etc and take on that person's identity. I don't know how much of a problem that is in the US but it does happen in the UK.

Sorry if I'm sounding a little paranoid, but I do believe we owe it to Classmates, both living and deceased, to ensure we do our best to prevent information about them falling into the wrong hands. Ensuring they tick the Profile Visibility box on their Profile also helps as does making sure I don't inadvertently publish a Classmate's e-mail address or phone number on any of the pages that are not password-protected. I did this recently when a Classmate wanted to sell something by advertising it on the site and found he was being inundated with e-mails and bogus phone calls from people who had browsed the site but were only interested in what they could sell him! Lesson learnt quickly.

I hope my experiences over the last year will help your thinking on what's best for your site. Brad's right when he says every site has different needs and requirements but if you want to confirm what level of security your site needs why not ask your existing Classmates? At the end of the day, you and I might be doing all the work but we still need to keep the customers satisfied.

Good luck.
Mark Foulsham

Brad/Mike - thanks for the comprehensive replies. I'm not sure which way I will go yet, but I certianly now understand my options. Thanks.

Mike - I actually live in the London, so I know what you mean.