Search the Community
Showing results for tags 'securing data'.
Having a problem with PageFileSecure. Everything was working before, but now it seems to be broken. We have a specific template that creates a protected page with multiple image & document fields. On creation these pages successfully appear with "-" prefix under assets/files. Registered & Logged In users used to be able to view the pages and download content on them. Now only the superuser can. I checked the permission and roles, and all these registered users still have the "login-register" role assigned to them. I checked the permissions on the "login-register" role and they still have the page-view permissions assigned for the locked page template together with home ( required by default). It's baffling. the .htaccess has not been touched or modified. I am running under 3.0.98 but tried on latest and seeing same issue. I am a bit lost with this one as to why only superuser account can do download and not the logged in as well :-( Anybody and ideas ?
A company approached me wanting to convert their paper-based ways of collecting customer information into electronic. Reason being they want to instead use a tablet (in office) and have them fill out everything electronically in order to prevent readability / processing errors and also offer the ability to fill out on their website. The type of information such a company needs from their client is pretty intense and detailed. Customers are filling out multiple documents disclosing personal information, not only about themselves, but also about the defendant - everything from vehicle registration, address / work history to personal identity to the fullest extent) - things like social security numbers, etc. It seems there isn't a sensitive data question not being asked. Not only that but they are also disclosing credit card info (for payment). It's pretty monumental in terms of data. I never accepted the project and said I'll look into what's possible but out of curiosity and being the curious type I am, I have already built a mobile-responsive / electronic version of their entire 200+ question form(s), complete with task completion status, page summary, auto-complete, validation, terms of service. It's damn beautiful but that was the easy. Even though I like getting my feet wet, I am wondering if I should continue or if it's even worth the headaches, not to mention the technical hurdles. The questions I am wondering are numerous (and for understandable reasons). I guess the top would be: I know all this data has to be encrypted and secured to the highest extent. I don't know what's involved or how deep it can get. I do know the risks and the laws governing storage of such sensitive data and also the penalties for the company if it gets stolen. So I'm hesitant to even take on this task for that reason alone; especially since I'm still very much a PHP / programming beginner (although devoted). I don't want to major f*** up I was thinking storage would be on the web host instead of some sort of in-office database? An online back-end would have to be created to retrieve information so that the company then could process it (they wanted it as a pdf). They need some way to retrieve the data. They need to be able to charge / have access to the credit card again at a later date so integration with a payment processor needs to be implemented, correct? I am asking more what direction / route / study material I should look into (first steps) more than specific procedures because I understand it's very involved. If I can't tackle this now, I would like to learn so I can accomplish this in the future because building, integrating and deploying things of this nature is where I would like to go. Just curious on your thoughts. Thanks everyone