--- Petre Agenbag <[EMAIL PROTECTED]> wrote:
> I have a rather annoying problem regarding forms.
> I have built an app that allows the users to fill
> in a rather large form (much like a claim form)
> and then have the data pumped into a mysql db.
> The problem is: the users want to be able to
> "save" their forms on their systems as a)
> backup/proof that they have filled it in and b)
> for their records for future use and c) the hope
> is that it would also allow for a reliable method
> to complete the form off-line and then submit it
> when online again.

Well, this sounds like a bad idea in general, but if you have no choice in the matter, I suppose cookies can fulfill the need. Anything you implement like this is going to lessen the security of the data, because rather than the client sending it to you once, you are going to expose it over the Internet several times. If this risk is acceptable for whatever reason, then cookies are probably no less secure for this data than anything else.

Normally, I would highly recommend *not* storing client data on cookies, because that opens you up to several types of attacks, but you can accomplish what you want to do with this method. Only "punish" those who want this feature by setting these cookies only for those who choose to save this data locally. You could help the situation by encrypting the data in your cookies, so that only presentation attacks are a concern, but your users wouldn't be able to easily look at their data as verification of anything.

My recommendation is to leverage your position as the technical expert to advise a more proper solution, one that you agree to, not them. They should not be consulted regarding application design unless they have experience with it. Rather, they should be describing their needs and let you (or the technical lead / project manager) do the technical design.

Good luck to you.

Chris
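
The encrypted opt-in cookie suggested in the reply above, as an added example that is not part of the original thread: form fields are sealed with authenticated encryption under a server-side key, so an edited cookie is rejected and, as the reply notes, the user cannot read it. Assumptions: PHP 7.3 or later with ext-sodium; the function names and the cookie name "claim_draft" are hypothetical.

```php
<?php
// Added example, not from the thread. Assumes PHP >= 7.3 with ext-sodium.
// seal_draft(), open_draft(), send_draft_cookie() and "claim_draft" are hypothetical names.
const DRAFT_COOKIE = 'claim_draft';
const MAX_COOKIE_BYTES = 4000; // browsers cap one cookie at roughly 4 KB

function seal_draft(array $fields, string $key): string
{
    $plain = json_encode($fields, JSON_THROW_ON_ERROR);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per save
    $value = base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
    // setcookie() URL-encodes the value, so measure the encoded form.
    if (strlen(DRAFT_COOKIE) + strlen(urlencode($value)) > MAX_COOKIE_BYTES) {
        throw new LengthException('draft does not fit in one cookie');
    }
    return $value;
}

function open_draft(string $value, string $key): ?array
{
    $raw = base64_decode($value, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // malformed or truncated cookie
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($boxed, $nonce, $key);
    if ($plain === false) {
        return null; // authentication failed: edited by the client or wrong key
    }
    $fields = json_decode($plain, true);
    return is_array($fields) ? $fields : null;
}

function send_draft_cookie(string $value): void
{
    // Called only for users who opted in to saving a draft.
    setcookie(DRAFT_COOKIE, $value, ['expires' => time() + 7 * 86400, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
}

if (PHP_SAPI === 'cli') {
    $key = sodium_crypto_secretbox_keygen(); // constructed; load from server config in practice
    $value = seal_draft(['claimant' => 'Jane Example', 'amount' => '120.50'], $key);
    var_dump(open_draft($value, $key));      // round trip with the untouched value
    $value[20] = $value[20] === 'A' ? 'B' : 'A'; // flip one character, then reopen
    var_dump(open_draft($value, $key));
}
```

An older cookie sealed under the same key still opens, so the server should validate the fields again when the form is finally submitted.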