Posts: 40
Threads: 7
Joined: Mar 2009
Reputation:
0
Two parter!
It would be nice if formtools could have options to:
1. Store uploaded files in mysql, rather than as files in a directory.
2. Store all submission information (including uploaded files!) in an encrypted format in mysql.
Posts: 2,456
Threads: 39
Joined: Dec 2008
Reputation:
6
Hey Andy,
I've always steered clear of storing files in databases because I read (years ago) that it wasn't "Best Practice". Did you have a particular scenario in mind for this?
Regarding #2, you could simulate this through the Submission Pre-Parser module. You could encrypt whatever fields you want using whatever encryption method you fancy, right before it gets added into the DB. Just an idea!
- Ben
Posts: 40
Threads: 7
Joined: Mar 2009
Reputation:
0
Dec 29th, 2009, 9:34 AM
(This post was last modified: Dec 29th, 2009, 9:38 AM by moorezilla.)
Hi Ben,
Happy Holidays!
You may very well be right that storing files in the database is not "best practice," as I am admittedly not an expert. It just seems to solve a few problems for me. Both of these suggestions spring from the same project.
We collect information from job applicants that could be considered sensitive. Since this information could be located in both form fields and in uploaded documents solicited through forms, I'm looking for a way to protect both at once.
Storing uploaded documents in mysql eliminates having a folder under the web root with all of the uploaded documents. Right now, I usually drop an extra .htaccess file in the directory to protect them, but this then requires an extra log in for people accessing these files either from links in emails or through the admin area of form tools.
Storing all data (including file uploads) encrypted in mysql solves all of my problems (at least in my mind!), since it eliminates the need to have a directory for file uploads in the web root, and it allows us to keep all information in an encrypted format on the server. Storing all data in an encrypted format is a directive that is coming down the pipe for us, so I'm trying to address it now.
Your suggestion to run an encryption routine before adding information to the database is great, but I thought it would be nice to have an option in form tools where you could click a checkbox and this would happen automagically. You might think this suggests that I am a lazy or inept programmer (you'd be correct!), but it's really a suggestion to make form tools even more robust and an even stronger agent of good in the fight against data piracy!
Let me know if I can add any additional information (or arguments!) for this.
Best,
am
