Hi, On Wed, Sep 29, 2010 at 11:43 AM, Brendan Brink <[email protected]>wrote:
> hi there all, > > Have developed a system for a client where various online forms are > passed between staff internally in the company as well as suppliers > and external people, > > each form has 2 different views, one to view a form submission, and > another to view and edit a form submission (manager normally does > this) > > All links to the forms include a MD5 hash which presently offers some > security to the page that displays the form. > I had a client that forced me to use plain text stored passwords 5 years ago. However, their only Wellington employee being poached by their supplier cause them to rethink. You could let your customer know this story, or you could let him walk into that wall first. HTH, Kind Regards, Jochen Daum P.S.: If you made it down here, why not connect with me on LinkedIn Chief Automation Officer Automatem Ltd Phone: 09 630 3425 Mobile: 021 567 853 Email: [email protected] Skype: jochendaum Website: www.automatem.co.nz http://twitter.com/automatem http://nz.linkedin.com/in/automatem http://www.xing.com/go/invite/3425509.181107 http://www.aucklandbusinessnetworking.co.nz > > Problem is that these links are sent out via email to people that > staff want to view the forms, and the pages are 'public' if you have > the link to view them (with the hash) > > The client wants to know is there a way to make it more secure without > forcing a username / password security feature on the system ...as the > ability to click on a link in an email to go through to the form works > efficiently... > > basically wanting to increase the security... > > would placing these forms on a secure server provide this? > > ie instead of http://www.client.co.nz/form.php?hash=hgs8ohsduogh8s37h > > have: https://www.client.co.nz/form.php?hash=hdjgklsheugehsukl > > I am thinking all this does, is encrypt the contents of the page...but > the links are still public domain...and accessible by anyone with the > link.... > > any other advice / suggestions? > > -- > NZ PHP Users Group: http://groups.google.com/group/nzphpug > To post, send email to [email protected] > To unsubscribe, send email to > [email protected]<nzphpug%[email protected]> > -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
