The following warnings occurred:
Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.27 (Linux)
File Line Function
/global.php 783 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined array key "avatartype" - Line: 783 - File: global.php PHP 8.1.27 (Linux)
File Line Function
/global.php 783 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined variable $newpmmsg - Line: 40 - File: global.php(841) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/global.php(841) : eval()'d code 40 errorHandler->error
/global.php 841 eval
/showthread.php 26 require_once
Warning [2] Undefined array key "style" - Line: 909 - File: global.php PHP 8.1.27 (Linux)
File Line Function
/global.php 909 errorHandler->error
/showthread.php 26 require_once
Warning [2] Undefined property: MyLanguage::$lang_select_default - Line: 5024 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 5024 errorHandler->error
/global.php 909 build_theme_select
/showthread.php 26 require_once
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions.php 5044 is_member
/global.php 909 build_theme_select
/showthread.php 26 require_once
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1370 fetch_forum_permissions
/showthread.php 137 forum_permissions
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key 1 - Line: 1415 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1415 errorHandler->error
/inc/functions.php 1380 fetch_forum_permissions
/inc/functions.php 2909 forum_permissions
/showthread.php 621 build_forum_jump
Warning [2] Undefined array key "mybb" - Line: 1952 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 1952 errorHandler->error
/inc/functions_indicators.php 41 my_set_array_cookie
/showthread.php 629 mark_thread_read
Warning [2] Undefined property: MyLanguage::$ratings_update_error - Line: 5 - File: showthread.php(732) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(732) : eval()'d code 5 errorHandler->error
/showthread.php 732 eval
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "additionalgroups" - Line: 7162 - File: inc/functions.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions.php 7162 errorHandler->error
/inc/functions_user.php 844 is_member
/inc/functions_post.php 406 purgespammer_show
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "profilefield" - Line: 6 - File: inc/functions_post.php(474) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php(474) : eval()'d code 6 errorHandler->error
/inc/functions_post.php 474 eval
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "canonlyreplyownthreads" - Line: 660 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 660 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showimages" - Line: 741 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 741 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "showvideos" - Line: 746 - File: inc/functions_post.php PHP 8.1.27 (Linux)
File Line Function
/inc/functions_post.php 746 errorHandler->error
/showthread.php 1070 build_postbit
Warning [2] Undefined array key "invisible" - Line: 1506 - File: showthread.php PHP 8.1.27 (Linux)
File Line Function
/showthread.php 1506 errorHandler->error
Warning [2] Undefined variable $threadnotesbox - Line: 30 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(1533) : eval()'d code 30 errorHandler->error
/showthread.php 1533 eval
Warning [2] Undefined variable $addremovesubscription - Line: 79 - File: showthread.php(1533) : eval()'d code PHP 8.1.27 (Linux)
File Line Function
/showthread.php(1533) : eval()'d code 79 errorHandler->error
/showthread.php 1533 eval



FORUMS


The Form Tools forums are no longer active, but the old posts have been archived here. Please see the Help page on how to get help / report issues.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Increased Security Module? (changed title)
#1
Please see reply to this below.
Reply
#2
Just updating and expanding this request as we're facing more and more demands for secure storage of information. Ultimately, we'll need to store almost all form-solicited information in an encrypted format, so we're trying to get a jump on this.

Some formtools interactivity that would really help us out:

1. An option to store all mysql data encrypted in the database. This isn't a full-proof security measure by any means, but it's important that our school "demonstrate steps" toward data security. Perhaps an option for forms where we could select ENCODE() and DECODE() or AES_ENCRYPT() and AES_DECRYPT() protection for that form's data?

2. For file uploads, since keeping them in the filesystem seems preferable to storing them as binary information in database, we'd love an option of storing uploads outside of the web root, so that they are accessible only through the formtools interface. Right now, we put protection on the uploaded files directory to prevent direct downloading of uploaded files, but it's an extra hassle for users. Also... and no doubt more difficult to implement... ultimately we need to store uploaded files in some sort of an encrypted format, so it would be great to have a "store uploaded files in encrypted format," in such a way that only authorized users in the formtools admin area could download/view uploaded documents.

I'm not sure how to handle these issues, but it sounds like a great task for an add-on increased security module! I would build and donate such a module, but it's not within my programming competence. I would certainly contribute what funds I could toward its creation, however, and I think it would be a great addition to Form Tools' already impressive features!
Reply
#3
Hi Andy,

Thank for the post - very interesting stuff!

1. encrypting form data

I agree, this would lend itself very well to a module. A few thoughts & concerns. First off, we'd need to use some sort of two-way encryption so that after extracting the data FT could decrypt it for displaying it, and THAT means that we need some sort of encryption key stored somewhere - maybe in config.php or something. That already worries me from a security standpoint: if the decryption key is stored in a PHP file somewhere, it seems like if someone has access to the database, then they can almost certainly get access to the server - which renders the encryption if not useless, at least not very useful.

The other option would be to quiz the user when they log in, to supply the encryption key. Annoying! But better from a security standpoint.

Secondly, encrypting-decrypting is fine for the Form Tools Core - but it would break any modules that query the database directly. Offhand, I suspect that's a fair number. So a number of modules would need to be updated.

2. File Uploads

I agree - storing files outside the webroot would be nice. The problem is that as soon as you do that, they can no longer be linked to via a web-browser; you'd need to actually move them to somewhere with a URL so that they can be browsed. I'd have to think about this one... but it actually sounds like a module in of itself!

Anyway, just a few thoughts. Very interesting stuff, but to be honest I don't think I'll be able to work on it anytime soon... I have a couple of modules & a lot of work to do on the Form Builder. That has to take priority.

All the best -

Ben
Reply
#4
Hey Ben,

Thanks for the quick reply. Just adding a couple notes/questions, so please feel free to ignore. I understand this is a back-burner feature at this point:

(Apr 27th, 2010, 9:00 AM)Ben Wrote: 1. encrypting form data

The other option would be to quiz the user when they log in, to supply the encryption key. Annoying! But better from a security standpoint.

Secondly, encrypting-decrypting is fine for the Form Tools Core - but it would break any modules that query the database directly. Offhand, I suspect that's a fair number. So a number of modules would need to be updated.

2. File Uploads

I agree - storing files outside the webroot would be nice. The problem is that as soon as you do that, they can no longer be linked to via a web-browser; you'd need to actually move them to somewhere with a URL so that they can be browsed. I'd have to think about this one... but it actually sounds like a module in of itself!

Anyway, just a few thoughts. Very interesting stuff, but to be honest I don't think I'll be able to work on it anytime soon... I have a couple of modules & a lot of work to do on the Form Builder. That has to take priority.

All the best -

Ben

1. As long as the encryption key could be an easily-typed phrase, or even a txt file stored locally on authorized client machines that could be selected and uploaded when prompted per session, I think that would be a fine tradeoff. In a lot of public spheres, the emphasis (for better or worse) is on "taking steps" to secure data, rather than solving it all at once. Clearly it would be better to solve the problem outright, but incremental progress is often demanded even when it's short of a perfect solution. This is not a reflection on Form Tools; it's a reflection on us and other bureaucratic entities. Even if, say, a key is stored in a config file, and someone gains access to encrypted data, it's still a better position for me to be able to say, "look, online data is online data. We protect it as best we can and we encrypt it on the server, but security measures are not full-proof, and just as a person could break into your office and take something off of your desk, our server, despite our precautions, could be the target of a criminal act that results in compromised data." I guess what I'm arguing is that baby steps toward increased security are still of great utility to some organizations, even if they have limitations.

2. I'm not sure about the file storage outside of the web root issues, but if a user is logged into the Form Tools admin area, and the php files have read/write to a file outside of the web root, couldn't the files be grabbed for download by a php call, or would they still need to be written to a temp directory first? This is a question more than a suggestion... lol... I just don't know. I'm not concerned about losing the functionality of web links in, say, emails... where a straight http call won't be able to grab anything outside of the web root. I realize this is an issue... but maybe it could be an either/or if the "increased security module" is used for a particular form... where file access is only granted through the Form Tools admin area if increased security is selected.

3. As always... I'm very appreciative of the product so far and I look forward to its development moving forward.

am
Reply
#5
Hah - it's possible this may become a higher priority. A rather high-profile client has expressed a need for a slew of tougher security, some of which lend themselves to being introduced to the core. Looks like this may prove to be a short-term goal, but we'll see how it goes.

Regarding your comments, I agree that baby steps are better than none. I tend to take on the programmer's mindset for problems in that they should be solved *completely*, but security measures aren't like that. For the storing the files outside of the webroot, yes, Form Tools would need to copy them into a temp folder within the webroot to allow download - or at least dynamically stream the content for downloading by the browser. I can see why this would be handy, but I think it'll end up lower priority.

Anyway, good speaking. I'm going to be making it more transparent what is being worked on in each version. Right now people can only find out exactly what's been worked on after each release [http://docs.formtools.org/changelog.php], which isn't much use. I'll make a post when that page is up and running.

Speak soon!

- Ben
Reply
#6
Hey, rather high-profile client, this Bud's... err Molson's for you!
Reply
#7
Wao ! the sunglasses are the best to style in the sun. The sunglasses complete the fashion. The custom coursework writing service are specially framed for the both girls and boys. It is available in the high quality range and the less cost.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)