Security of student submissions stems from three features:
The login page, which checks to be sure that the student has a valid CS Dept Unix account. (This is validated by using the login name and password to open an FTP connection on ftp.cs.odu.edu.)
If you don't want your assignments to be accessible to every student in the entire CS dept., you can also supply a "roster file" that lists, one per line, each login name that you wish to grant access to the assignment. This is specified via a \xmlpair{roster} entry for the assignment:
<assignment>
<title>CS361: Keeping Your Distance</title>
<roster>/home/zeil/courses/cs361/Assignments/f10/roster.dat</roster>
...
The websubmit.cgi file itself is hosted on the Dept.'s secure HTTPS server, and runs under group "faculty". As a rule, therefore, all directories and files used by websubmit.cgi, including the submission directory and the submission information file itself, should be readable (and, for directories, executable) by group faculty but not by the world.