Apr 27th, 2010, 9:00 AM
Hi Andy,
Thanks for the post - very interesting stuff!
1. encrypting form data
I agree, this would lend itself very well to a module. A few thoughts & concerns. First off, we'd need to use some sort of two-way encryption so that after extracting the data FT could decrypt it for displaying it, and THAT means that we need some sort of encryption key stored somewhere - maybe in config.php or something. That already worries me from a security standpoint: if the decryption key is stored in a PHP file somewhere, it seems like if someone has access to the database, then they can almost certainly get access to the server - which renders the encryption if not useless, at least not very useful.
The other option would be to quiz the user when they log in, to supply the encryption key. Annoying! But better from a security standpoint.
Secondly, encrypting-decrypting is fine for the Form Tools Core - but it would break any modules that query the database directly. Offhand, I suspect that's a fair number. So a number of modules would need to be updated.
2. File Uploads
I agree - storing files outside the webroot would be nice. The problem is that as soon as you do that, they can no longer be linked to via a web-browser; you'd need to actually move them to somewhere with a URL so that they can be browsed. I'd have to think about this one... but it actually sounds like a module in and of itself!
Anyway, just a few thoughts. Very interesting stuff, but to be honest I don't think I'll be able to work on it anytime soon... I have a couple of modules & a lot of work to do on the Form Builder. That has to take priority.
All the best -
Ben
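An added example, not part of the post above and not Form Tools code: a sketch of the second option in point 1, where the key is derived from a passphrase the user supplies at login, so only a random salt is stored on the server and nothing in config.php can decrypt the data. All function names, the iteration count and the sample values are assumptions.

```php
<?php
// Hypothetical helpers for passphrase-derived field encryption (AES-256-GCM).

const KDF_ITERATIONS = 200000; // assumed work factor; tune for the server

// Derive a 32-byte key from the login passphrase. Only $salt is stored.
function derive_key(string $passphrase, string $salt): string
{
    return hash_pbkdf2('sha256', $passphrase, $salt, KDF_ITERATIONS, 32, true);
}

// Encrypt one submission field. Stored form: base64(nonce || tag || ciphertext).
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(12); // fresh nonce for every value
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Decrypt a field for display. Returns null when the key is wrong or the
// stored value was modified, because the GCM tag no longer verifies.
function decrypt_field(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;
    }
    $nonce = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct = (string) substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return $pt === false ? null : $pt;
}

// Constructed sample values for a command-line run.
$salt = random_bytes(16);
$key = derive_key('passphrase typed at login', $salt);
$stored = encrypt_field('jane@example.com', $key);

var_dump($stored);                                                       // what a direct database query sees
var_dump(decrypt_field($stored, $key));                                  // correct passphrase
var_dump(decrypt_field($stored, derive_key('wrong passphrase', $salt))); // wrong passphrase
```

The first dump is the value any code querying the database directly would read, which is the module compatibility issue raised in the post.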