store secure information
I’ve got a site and will be allowing customers to register. Once registered I want to allow them to view if they have any money in their (real life, offline) account that I run for them. I’ve got a workable solution, but it seems like it’s probably very insecure.
Working solution: I use cimy-user-extra-fields to give me an ‘account number’ and ‘balance’ field. I then set these values in each user’s profile. I then have a page that picks up the current logged-in user’s user ID and uses that to search cimy for the information for that user – which is displayed on the page.
I assume that none of the information is being stored in an encrypted form in my demo and, of course, the page itself isn’t being provided over SSL. Is there a plugin that will deal with all of this for me or is there a piecemeal solution that anyone can offer? I’ve seen Admin SSL, which could deal with making the page that provides the data secure, but what about securing where the data is stored in the database – do I need to worry about this? Do I also have to worry about anyone somehow forcing cimy to give information for a user other than the logged-in user somehow?
Any suggestions gratefully accepted
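
The setup described in the post above, sketched as an added example that is not part of the original post: the balance page is forced onto HTTPS and the lookup is keyed only on the authenticated session's user ID. The page slug `my-balance`, the shortcode name `my_balance` and the field names `ACCOUNT_NUMBER` and `BALANCE` are assumptions; `get_cimyFieldValue()` is the lookup function provided by Cimy User Extra Fields.

```php
<?php
// Added example, not the poster's code.
// Assumed: page slug 'my-balance', Cimy fields ACCOUNT_NUMBER and BALANCE.

// Runs before any output, so redirects and headers can still be sent.
add_action( 'template_redirect', function () {
    if ( ! is_page( 'my-balance' ) ) {
        return;
    }
    if ( ! is_ssl() ) {
        // Build the target from the stored permalink, not from the Host header.
        $target = set_url_scheme( get_permalink( get_queried_object_id() ), 'https' );
        wp_safe_redirect( $target, 301 );
        exit;
    }
    if ( ! is_user_logged_in() ) {
        auth_redirect(); // sends the visitor to the login form, then back here
    }
    nocache_headers(); // keep balances out of browser and proxy caches
} );

// [my_balance] shortcode placed on the balance page.
add_shortcode( 'my_balance', function () {
    if ( ! is_user_logged_in() ) {
        return '<p>Please log in to view your balance.</p>';
    }
    if ( ! function_exists( 'get_cimyFieldValue' ) ) {
        return ''; // Cimy User Extra Fields is not active
    }

    // The ID comes from the login session only. Nothing from $_GET, $_POST
    // or shortcode attributes is used, so a request cannot name another user.
    $user_id = get_current_user_id();

    $account = get_cimyFieldValue( $user_id, 'ACCOUNT_NUMBER' );
    $balance = get_cimyFieldValue( $user_id, 'BALANCE' );

    // Escape on output so stored field content cannot inject markup.
    return sprintf(
        '<p>Account %s: balance %s</p>',
        esc_html( (string) $account ),
        esc_html( (string) $balance )
    );
} );
```

This covers transport and the per-user lookup only; it does not encrypt the values where they are stored in the database.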