hi there all, Have developed a system for a client where various online forms are passed between staff internally in the company as well as suppliers and external people,
each form has 2 different views, one to view a form submission, and another to view and edit a form submission (manager normally does this) All links to the forms include a MD5 hash which presently offers some security to the page that displays the form. Problem is that these links are sent out via email to people that staff want to view the forms, and the pages are 'public' if you have the link to view them (with the hash) The client wants to know is there a way to make it more secure without forcing a username / password security feature on the system ...as the ability to click on a link in an email to go through to the form works efficiently... basically wanting to increase the security... would placing these forms on a secure server provide this? ie instead of http://www.client.co.nz/form.php?hash=hgs8ohsduogh8s37h have: https://www.client.co.nz/form.php?hash=hdjgklsheugehsukl I am thinking all this does, is encrypt the contents of the page...but the links are still public domain...and accessible by anyone with the link.... any other advice / suggestions? -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
