Return To The uTest Reference Site



When it comes to online/CD-ROM tests, there are a several security issues that are of concern. These security issues include:
  1. Preventing the user from accessing the answer key.

  2. Preventing the user's personal/test information from being compromised.

  3. Ensuring that the test taker is who he/she claims to be.

Below well will describe the how uTestTM can be configured to address the first two issues. Unfortunately, there's really not much that can be done about the third issue at this time.


SECURITY LEVEL 1

This is the lowest security level and is generally used for practice tests and/or training programs. This level includes any test that utilizes uTest's "Grade Answer Sheet" option. Level 1 Tests are not considered secure because the "Grade Answer Sheet" option involves putting the answer key somewhere on your server (or on your CD-ROM) ... and thus, users could technically find/view the answer key themselves in order to learn the correct answers. This level of security is also known as "the honor system".

SECURITY LEVEL 2

Security Level 2 Tests are slightly more secure than Level 1 Tests and can generally be used for most tests/quizzes in which the instructor does not want the answers to be immediately known. Level 2 Tests do not utilize uTest's "Grade Answer Sheet" option and thus, no answer key is put on your server (nor on your CD-ROM). Instead of a "Grade Answer Sheet" option, users are only given the "Print", "Email" or "Online" answer sheet options. The drawback to this security level is that there exists a remote possibility of someone intercepting the answer sheet when submitted via regular email or standard http protocol. (I.e., The information is not encrypted).

SECURITY LEVEL 3

Security Level 3 is the highest level of security and addresses the issue of protecting all information that is submitted by the user. This basically involves using the "Online" answer sheet option to submit the answer sheet to a secure server. For this option to work securely, the uTest CGI script (or your own custom CGI script) must be installed on a secure server so that when the data is submitted to the script, it is encrypted via the standard SSL protocol of the secure server. The example CGI Script (utest.pl) that is included with uTest also contains an "Answer Sheet Reader Utility" that can be used to securely read the data from the secure server.


Note that none of these security levels address the basic issue of ensuring that the person taking the test is indeed the person he/she claims to be. That is, there's really nothing to prevent someone from hiring someone else to take the test for them.... At least, not yet there isn't....)