Simple URL hack in PAWS lets you gain access to old style course members list

by on December 9, 2011 in News, Technology

Well, what do you know. That old Facebook classic “Stupid Things Overheard at the U of S” is full of handy surprises.

On Nov. 30, U of S student Huy Dang posted this in-depth guide on how you can access the old style (pre-Fall 2011) course homepages, complete with functioning course members lists. This is a wonderful little trick and full credit goes to Mr. Dang for discovering it, or at least bringing it to my attention.

Students and professors alike have been lamenting the loss of the course members list, among other useful features of the old style course homepages, since the U of S implemented lacklustre Blackboard based course homepages at the end of last summer.

I’ve summarized the core components of this simple URL hack and put together a quick step-by-step guide on how to access the course members page below.

Step 1: Log into Blackboard using this link: http://bblearn.usask.ca.

You’re looking for your U of S Course List on the Blackboard homepage. More specifically, you’re looking for the two numbers in parentheses separated by a period at the end of each course title (circled in yellow below).

The number on the left is the CRN ("Course Reference Number"). The number on the right indicates which year and month the class begins.

Step 2: Log into PAWS: http://paws.usask.ca

You’ll need to be logged into PAWS for the next step of the process to work. If you’ve been following the links in this article, you’re only logged into Blackboard, so you’ll need to use your NSID again to log into PAWS.

Step 3: In Blackboard, copy the numbers in the parentheses (including the period) and paste them onto the end of this link, after the = sign:

http://paws.usask.ca/jsp/grouptools/group/GroupRedirect.jsp?courseID=

For example, if I wanted to look up the old style course homepage for my English 307 class, I would start by copying the CRN and start date of the class, which is “88525.201109” (without the quotation marks). Then I would attach that to the end of the above link and copy and paste the whole thing into my browser’s address bar, like so:

http://paws.usask.ca/jsp/grouptools/group/GroupRedirect.jsp?courseID=88525.201109

Assuming I’m also logged into PAWS, after pressing enter, I’ll be taken to the course homepage.

Note: after pasting a complete link into your address bar and hitting enter, the link will change as it load the page. This is normal.

Step 4: Now we’re back in familiar territory. Click on “Members” on the bottom of the “Course Tools” column on the left hand side of the page.

Let the creeping studying begin!

That’s it! You should now be able to access the long lost course members list we had all come to know and love.

The email functionality of this version of the course homepage seems to work as well, but the same can’t be said for any of the hand-in folders or course materials sections — you’ll have to stick to Blackboard to access anything your professors have posted for you.


Images: Supplied


Social Networking

Follow the Sheaf on Twitter, Facebook and YouTube.

, , , , , , ,

  • anonymous

    I keep hearing in the Sheaf how students are lamenting the inability to find the names of other students in their class. In order to provide a fair and balanced discussion of the issues, has the Sheaf interviewed any of the students who in the past had received harassing emails and had problems with stalkers using this publicly advertised information to find their victims?

    The reason this ability was turned off was because of provincial and federal privacy laws that require the University to protect student’s privacy.

    Of course, by advertising this hack you have now made the day of every would-be stalker out there.

    • Bill

      you sound like someone involved on the back end. stalkers cant get into these pages you should know that, you have to be in the class to see it

    • Anonymous

      So you are saying someone in the same class can’t be a stalker? Google “Stalker classmate” for counter examples. In fact stalkers often try to sign up for the same class as the people they are stalking. That is the real story here that the Sheaf should be reporting, Not hack job criticisms of the measures taken to protect those people.

      As is pointed out in another comment, the Sheaf itself was well aware of the “creeping” aspect of what they were publishing and in fact promoting it. Very irresponsible.

    • Joe

      I wonder if the Sheaf legal department realizes that by publishing/publicizing this sort of “guide” they are opening themselves up to serious possible litigation should someone within a course be harassed or injured or worse by a stalker within their course?

    • PleaseSeeMeAfterClass

      The Sheaf is liable in the same way that it’s liable for publishing a how-to on signing up for twitter, facebook or 4square (perfect for all your stalking needs!). In other words, not at all.

    • NotALawyer

      Two problems with what you say.

      All the services you mention are services that people voluntarily sign up for and set up profiles in. That is not the case with the old PAWS tools. People had no way to opt out.

      Also, the potential legal problem is in using the phrase “Let the creeping begin” combined with instructions on URL hacking to get around security methods. This shows that the Sheaf had foreknowledge that this information could be used for stalking purposes.

    • Bob

      Well then nevermind! As long as you can absolve yourself of any responsibility, you should just say and do whatever you like. Cheerio and chip chop good sir. It is like talking to ignorance. I hope none of your future employers ever see how you conduct yourself. Luckily it is just on the internet so nobody will ever be able to find it attached to your names. “Let the creeping begin”.

  • bob

    “Let the creeping begin!” says the text of the second image! Who is editing these things? Holy smokes you guys have no class…

  • Danny

    Hey Usask give us back our study group tool

    • Guest

      Danny, they are working on it.

      This term the email tool is back, but by default you can only email instructors and teaching assistants, not see a list of other students (until the instructor turns on that ability).

      The instructions from the campus privacy officer state that instructors are supposed to notify all students that the email and class list tools will be turned on, then give students one week to change their Blackboard privacy settings to opt out of the listings if they so choose. (using the My Places link at the top of the page). So instructors CAN give this ability back to students. But only after respecting the privacy wishes of students who don’t want to be listed.

      Meanwhile ITS continues to work on a better solution to the problem. One that turns the tools on from the start with all students opted out but then let’s students who WANT to be listed easily list themselves without relying on a prof to turn the ability on.

      It is important to realize this is NOT a technical issue with the new course tools, and it is NOT a plot by ITS or the University to make problems for students. These changes were dictated by policy not technology and were done to comply with new federal and provincial laws to PROTECT students. Which is why this article that explains how students can circumvent those laws is so disturbing.

      Note these are my own opinions, not those of my employer.

  • Michael Cuthbertson

    There’s some legitimacy to worrying about stalkers using this. Sure they have to be “in the class” to get the list, but you can just sign up for classes, check the lists and drop them a second later.

    Having said that, it’s nice to know ahead of time if you have friends/acquaintances in your classes and for that reason I very much appreciate this hack.

    Thank you Bryn, you sneaky Pete.

    • NotALawyer

      Michael’s comments are probably the most interesting here.

      I admit I’m ancient. When I started University a computer filled a room and was programmed using paper punch cards. Registration consisted of filling out a paper form and standing in line for hours at the Registrar’s office to hand it in.

      Later, registration was improved so students could use the phone to sign up for classes.

      In both those cases, if I wanted to be in the same class as my friends, I had to actually sit down with my friends before hand and TALK to them. “What section of English 110 are you taking so I can sign up with you”.

      But according to this article talking to friends to coordinate registration is so last century. Instead we want to immediately know what our friends are doing and look up what courses they are taking. Somehow, students who praise this hack seem to think that is their right. But its not. It never was.

      The University isn’t in the business of figuring out who your friends are. It has no way of knowing if an individual is looking up friends, enemies, or people to kidnap and lock up in the basement. So yea, the University is guilty of following federal law by preventing you from seeing class information for other students without their knowledge or consent.

      I blame Facebook. People are so used now to knowing instantly what TV show their friends are watching, what games they are playing, or what restaurant they just went to. So people expect that kind of instant feedback for everything in their lives.

      But even in Facebook, these are options people must turn on, they aren’t on by default. Even Facebook respects people’s privacy and lets them opt out or simply not use Facebook if they don’t want. This hack destroys that capability for students in classes.

      I have nothing against friends sharing what classes they are taking. The solution is simple, as soon as you sign up for a class, tweet or set your facebook status to say what class you signed up for. Then all your friends will know it. But it isn’t the University’s responsibility to do this for you. In fact, it is the University’s responsibility to protect that information for you.

  • ABC

    I understand how the hack itself works, and I’ve used it a few times, but I just don’t get how this hack would give a real stalker any new information about or access to his victim that he could not get by other means just as easily. I understand the need to protect everyone’s privacy as much as possible, but it seems like everyone’s trying to blur the lines between the harmless internet “creeping” we all know and love and criminal stalking.

  • John Gal

    at Bole battle with the corpses of the enemies and soldiers taken prisoner by the troops winners buy Brand levitra In the XIII century BC Egyptian troops invaded Libya, who returned home with the winners trophy in 13 200 phalluses Brand levitra buy In the VI century BC, Babylon invaded Jerusalem and before leaving the city succumbed to the warriors turned the entire