Chris, thanks. I've embedded some comments within yours below. Any feedback is appreciated.
Peter >Peter, > >Your question 4 answers your question 2, if they want to search the text >you would not be able to store the data as a image, you would have to >use some form of text based storage. You would need to setup something >to read the text from every file type you will allow to be uploaded, and >possibly provide some ad-hoc text entered by the user in the event you >cannot read from their document. > I was under the impression you could using full-text searching of documents stored in a SQL Server database. That would be the alternative to using Verity for the docs stored in the file system. Here's a link 9albeit somewhat biased I guess) that explains it - http://www.dbazine.com/sql/sql-articles/charran5 >Re. question 1, I don't think a more secure SSL certificate is any >harder to implement, I would go for a more secure one. Its always >better to error on the 'more secure' rather than less secure methods =) > >As far as storage goes, I run a document imaging system here using MS >SQL to maintain meta information about each document, and a pointer to a >.tiff image on our network. I used www.alternatiff.com as a web based >Tiff viewer (only works with tiffs unfortunately, but it's a great >program and works with IE or FF). If I was going for security though, I >think I would use some of the Coldfusion based encryption functions, and >store all my documents in some form of text, or you could even (if you >are really paranoid) read the image or document into memory using >cffile, encode to a database writable format, and store that after >encryption. I imagine that would be pretty slow to read, but it would >be the most secure method. > I personally don't think that any "security" other than SSL is required for this project. Some others involved think the files should be encrypted and stored in the database. Maybe I just don't understand the difference between the security provided by SSL and the additional security that encrypting the files and then storing them in the db will provide. I guess I just don't think it's worth the overhead that would be required to retrieve upwards of 50 documents, potentially, for a case and display them to a user in a browser. >To address item 3, Alternatiff provides a JavaScript api you can use to >pass in new images, so you could have a list of documents on a part of >your page, and when they click on it the plugin opens the new image >right inside your site (this is what I use now for document queuing and >an online indexing module) > So you're viewing one image of a document at a time. That's what I would normally use but the client is interesed in being able to view several at a time so that they can scroll through the case so to speak w/o having to open each document. Are you suggesting that I could use cffile to read several in at a time (to memory) and then display the group? >Hope any of my rambling helps! > >Chris Peterson >Gainey Corporation > >-----Original Message----- >From: Peter Legg [mailto:[EMAIL PROTECTED] >Sent: Thursday, June 01, 2006 12:20 PM >To: CF-Talk >Subject: Document Upload/Retrieval Security > >Hi, > >I've got a fed govt project where I need to allow for sensitive >documents (pdf, doc, wpd, gif, tiff, xls, txt - anything really) to be >uploaded via a secure (uname/pwd) CF app (6.1 currently) using SSL. I >have a number of questions: > >1) Is SSL (128-bit) secure enough for the upload/download/viewing of >these documents? > >2) Depending on #1, would you store the docs in the SQL Server 2000 >database as image data type or on the file system with metadata and >pointers to the files in a database table? Please explain your opinion. > >3) The client would like to be able to view several documents in a >browser at the same time, possibly all docs related to a case, so that >he/she can scroll through everything w/o having to open one doc at a >time. Is this possible? Are there COTS products out there that you >recommend? > >4) The client would also like to search the documents. I've assumed >that any scanned documents would have to be converted to PDF using OCR >in order to be searchable using Verity (using the file system approach). >Is that correct? Is Adobe's OCR product worthwhile? Are there other >COTS products that are better? > >TIA, Peter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:241952 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
