I am developing an intranet (database driven, ASP), for a college, accessable from the web via a unique Stdent ID number and password. The eventual aim of this is to enable students to view their grades and to submit course work etc.

However I am a little nervous of this as I have no idea how hard it is for other students to get into the system by finding out another students ID and Password by whatever means and therefore view their marks and personal record etc.

I am leaving the server security up to the techies, so my main area of interest is the security of the log in system I have used, which is the Dreamweaver Ultra Dev 4 Authenticate User Server Behaviour.

Any thoughts, links, advice etc on the who security issue would be most welcome.