PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
It is currently Fri Nov 15, 2019 4:49 pm

All times are UTC - 5 hours




PostPosted: Sat Feb 13, 2010 12:07 pm 
Forum Newbie

Joined: Fri Feb 12, 2010 4:56 pm
Posts: 13


PostPosted: Fri May 07, 2010 10:02 pm 
Forum Regular

Joined: Sun Jul 01, 2007 7:11 am
Posts: 870
Did you check if you actually have to do all that?



PostPosted: Sun May 30, 2010 3:45 pm 
Forum Regular

Joined: Sun Jul 01, 2007 7:11 am
Posts: 870
Hello,

Can you be more specific as to where you got the specifications (like full audit trails??)

Thank you


PostPosted: Tue Jun 29, 2010 11:07 pm 
Forum Newbie

Joined: Fri Feb 12, 2010 4:56 pm
Posts: 13
Sorry for the late reply. The documentation is, well, it sucks. If you read through all the links at:
You will see that full audit trails are required??...lol. If that answers your questions. Basically the best things to do are: record all logins/login attempts (including IP, timestamp, etc.), limit the number of false login attempts, automatic logoff after 20 min., have user task defined access control, use either PITA or table replication to record all edits and deletes, and force strong passwords.


PostPosted: Thu Aug 19, 2010 7:46 pm 
Forum Contributor

Joined: Wed Apr 14, 2010 4:45 pm
Posts: 375
Location: UK
Hi,

Sorry I'm a bit late joining this discussion... :)

rufio1717 - I'm trying to implement a system similar to yours and came to the same conclusions about how to encrypt the patient data, namely:

1. encrypt the patient data with a symmetric key
2. encrypt the symmetric key with a public/private key pair
3. encrypt the private key with a passphrase

Are you still going with this approach, or are you doing anything differently now? The only issue I can see that makes this approach problematic is how to store the passphrase securely for the duration of the session; all the data in my application is encrypted and the passphrase has to be available pretty much every time the user does something. Also, in your application what happens if the user forgets their login password or decryption password? You can obviously generate a new login password if necessary but how would this work for the decryption password?

Thanks in advance,

Mecha Godzilla
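
The three layers listed in the post above, as an added PHP example that is not code from any poster in this thread. It uses PHP's OpenSSL extension; the function names, the sample record and the passphrases are constructed for illustration, and AES-256-GCM, RSA-OAEP and a 3072-bit key are assumptions the thread does not specify.

```php
<?php
// Added example; the record, passphrases and function names are constructed.
const KEY_OPTS = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 3072,
                  'encrypt_key' => true, 'encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC];

// Steps 2 and 3: key pair whose private half is stored only passphrase-encrypted.
function createUserKeys(string $passphrase): array {
    $pair = openssl_pkey_new(KEY_OPTS);
    if ($pair === false || !openssl_pkey_export($pair, $encPem, $passphrase, KEY_OPTS)) {
        throw new RuntimeException('key generation failed');
    }
    return ['public' => openssl_pkey_get_details($pair)['key'], 'private' => $encPem];
}

// Step 1 plus step 2: fresh AES-256-GCM data key per record, wrapped with RSA-OAEP.
function encryptRecord(string $plaintext, string $publicPem): array {
    $dataKey = random_bytes(32);
    $iv = random_bytes(12);
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false || !openssl_public_encrypt($dataKey, $wrapped, $publicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    return ['iv' => $iv, 'tag' => $tag, 'ct' => $ct, 'wrappedKey' => $wrapped];
}

function decryptRecord(array $rec, string $encPem, string $passphrase): string {
    $priv = openssl_pkey_get_private($encPem, $passphrase);
    if ($priv === false) throw new RuntimeException('wrong passphrase');
    if (!openssl_private_decrypt($rec['wrappedKey'], $dataKey, $priv, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('key unwrap failed');
    }
    $pt = openssl_decrypt($rec['ct'], 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $rec['iv'], $rec['tag']);
    if ($pt === false) throw new RuntimeException('record failed authentication');
    return $pt;
}

// Passphrase change: only the private key is re-encrypted, no record is touched.
function changePassphrase(string $encPem, string $old, string $new): string {
    $priv = openssl_pkey_get_private($encPem, $old);
    if ($priv === false || !openssl_pkey_export($priv, $out, $new, KEY_OPTS)) {
        throw new RuntimeException('passphrase change failed');
    }
    return $out;
}

$keys = createUserKeys('old passphrase (constructed)');
$rec  = encryptRecord('patient 0001: constructed sample note', $keys['public']);
$keys['private'] = changePassphrase($keys['private'], 'old passphrase (constructed)', 'new passphrase (constructed)');
echo decryptRecord($rec, $keys['private'], 'new passphrase (constructed)'), PHP_EOL;
```

A passphrase change re-encrypts only the private key, so stored records and their wrapped data keys stay as they are. A forgotten passphrase leaves the private key, and with it every record, undecryptable unless the private key or the data keys were also wrapped under a separate recovery key.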

