Simplest way to allow secure uploads?

Issues related to forms.
Post Reply
Fredl
 
 
Posts: 134
Joined: Tue Feb 21, 2017 10:15 pm

Simplest way to allow secure uploads?

Post by Fredl »

I have a client that wants a simple website for her tax prep business. She would like her customers to securely upload their docs to her server. I have been studying the Login tools demo and am wondering if it's necessary for her purposes for clients to set up accounts, or could I configure an upload button that uses a visitors email address to give unique names to uploaded files in order to make them easy to find? If anybody has set up a secure doc upload function in WB19 I'd like to learn how you did it and how it has worked out. Also, can I import pages of the Login Tools demo into an existing project in case I go that route? Thanks as always for your tips and suggestions.
User avatar
BaconFries
 
 
Posts: 5640
Joined: Thu Aug 16, 2007 7:32 pm

Re: Simplest way to allow secure uploads?

Post by BaconFries »

There is a lot more to consider than just a "Simple" way to upload. To start with as it is tax details of individuals/clients then you will need to consider how are the uploads going to be encrypted in 128bit or 256bit?. How are they going to be stored, what encryption is going to be used on the server?.

Why all this, well so to ensure that there is no data breach of the client(s). The strongest commercially (yes requires payment) available encryption is AES 256-bit encryption so you may need to point this out to your client that it is important that she will need to ensure all data in whatever format is going to be secure on her server and only she and each client has access to.

You will also need to obtain a a SSL certificate (paid) this shows the client uploading that the site us secure to do so as previously you should mention this to your client and what the cost will be to her as not part of the website but a extra cost

Now I am not saying it is not possible/feasible with the software it is all of what I have mentioned that you will need to consider as you don't want any comeback from the client do you.

Just my thoughts nothing more nothing less.
Fredl
 
 
Posts: 134
Joined: Tue Feb 21, 2017 10:15 pm

Re: Simplest way to allow secure uploads?

Post by Fredl »

Thanks Baconfries, I intended on the SSL cert for sure, I'll have to look in to the encryption for the destination folder, paid solutions are expected for the safe storage of sensitive info, that's not an obstacle. I guess I was wondering what properties are baked in to the upload function native to WB19. I'll poke around and learn by doing.
Thanks again for your insights.
wwonderfull
 
 
Posts: 1439
Joined: Fri Aug 21, 2020 8:27 am
Contact:

Re: Simplest way to allow secure uploads?

Post by wwonderfull »

Login tools is advanced for sure with custom coding each client can even have their own dashboard area. The thing is it takes a lot of testing and not just that to make things secure for the users. As @BaconFries has mentioned encryption in terms of file uploading is an important role. The points he has mentioned should shed some light on your topic but as he also mentioned it may take more security measurements.

Web apps can be created even with WYSIWYG web builder and custom codes where each user will be able to see even their reports. But as a developer you must take into consider the fact that those information's do not get leaked as it does have privet financial data of businesses and the clients would not consider any declassification of data.

Uploading any file on the web even if you take files from google drive if the client of yours takes it even in that method it would be her responsibility that the files do not get leaked. Server does the server's work; it takes files when given and gives the file when you ask to download. After that it is all your responsibility. So, there are many securities which may be needed both from the code and the server. Isn't that how all the drives give us storage security; they also keep our files in a server.

Now some users do not like the free cloud storage as even they have their security problems and drawbacks that is the reason site owners do it on their own servers if they can do better or would want to take the responsibility of security on themselves.

NOTE: Do not send financial data using email. I already know about this. Emailing financial data can pose a security risk, as emails can be easily intercepted and accessed by unauthorized individuals.

So, in a way 2 options secure 3rd party drive or secure your own server.
Post Reply