[Previous entry: "Representation"] [Next entry: "A cat macro might be appropriate here"] (Previously on Interesting things you can do with WebCT 6 - calendaring.)

This was going to be a gentle walkthrough a rather technical process, but it got very boring. Basically, the WebCT permission management system uses extremely rough-grained access controls, and you can use manual URIs to access 'blocked' features.

Here is a basic URI for the title page of a WebCT unit at UWA:
http://webct6.uwa.edu.au/webct/urw/lcXXXXXXXXXXX.tpYYYYYYYYYYY/

That rather ugly URI is the section (unit) identifier. You can append a bunch of stuff on to that to get to various pages without clicking through the menus - for example, adding
startFrameSet.dowebct?forward=studentCourseView.dowebct&lcid=XXXXXXXXXXX
will send you to the title page of a unit.

By appending different things, you can access various WebCT functions which have been disabled - because in order to disable things, the WebCT administrators can only remove them from the menu.

The "My Files" tool was disabled on the UWA WebCT 6 installation, because it was taking up too much disk space, or confusing people, or something. Links to "My Files" disappeared on the prescribed date, and that was the end of that.

Well, almost.

If you take the base URI above for a given unit, and append
ctbDispatch.dowebct?insView=/fmExplorer.dowebct&desView=/fmExplorer.dowebct
&studentView=/fmExplorer.dowebct&toolName=FileManager&tab=view
&courseMapDisplayName=filemanager.CTBCourseMapDisplayName.myfiles
(ugly, huh?) - lo and behold, My Files appears.

Other useful functions include:

To be fair, this is nothing special; it's a pretty run-of-the-mill lack of access control, coupled with an attempt to obscure to secure. Stay tuned for the thrilling part 3, in which WebCT breaches real-live University policies!

One comment

Matt :: Wednesday, May 23rd

So, student numbers eh?