Apr 27th, 2010, 5:05 AM
(This post was last modified: Apr 27th, 2010, 5:07 AM by moorezilla.)
Just updating and expanding this request as we're facing more and more demands for secure storage of information. Ultimately, we'll need to store almost all form-solicited information in an encrypted format, so we're trying to get a jump on this.
Some formtools interactivity that would really help us out:
1. An option to store all mysql data encrypted in the database. This isn't a full-proof security measure by any means, but it's important that our school "demonstrate steps" toward data security. Perhaps an option for forms where we could select ENCODE() and DECODE() or AES_ENCRYPT() and AES_DECRYPT() protection for that form's data?
2. For file uploads, since keeping them in the filesystem seems preferable to storing them as binary information in database, we'd love an option of storing uploads outside of the web root, so that they are accessible only through the formtools interface. Right now, we put protection on the uploaded files directory to prevent direct downloading of uploaded files, but it's an extra hassle for users. Also... and no doubt more difficult to implement... ultimately we need to store uploaded files in some sort of an encrypted format, so it would be great to have a "store uploaded files in encrypted format," in such a way that only authorized users in the formtools admin area could download/view uploaded documents.
I'm not sure how to handle these issues, but it sounds like a great task for an add-on increased security module! I would build and donate such a module, but it's not within my programming competence. I would certainly contribute what funds I could toward its creation, however, and I think it would be a great addition to Form Tools' already impressive features!
Some formtools interactivity that would really help us out:
1. An option to store all mysql data encrypted in the database. This isn't a full-proof security measure by any means, but it's important that our school "demonstrate steps" toward data security. Perhaps an option for forms where we could select ENCODE() and DECODE() or AES_ENCRYPT() and AES_DECRYPT() protection for that form's data?
2. For file uploads, since keeping them in the filesystem seems preferable to storing them as binary information in database, we'd love an option of storing uploads outside of the web root, so that they are accessible only through the formtools interface. Right now, we put protection on the uploaded files directory to prevent direct downloading of uploaded files, but it's an extra hassle for users. Also... and no doubt more difficult to implement... ultimately we need to store uploaded files in some sort of an encrypted format, so it would be great to have a "store uploaded files in encrypted format," in such a way that only authorized users in the formtools admin area could download/view uploaded documents.
I'm not sure how to handle these issues, but it sounds like a great task for an add-on increased security module! I would build and donate such a module, but it's not within my programming competence. I would certainly contribute what funds I could toward its creation, however, and I think it would be a great addition to Form Tools' already impressive features!