Stop someone from typing in URL and stealing data - data or groups only
Permalink
started making the site and now I am worried its a waste of time because I cannot protect the files from being seen by everyone wheo can figure out the url.
Each customer has a password protected page, I have sensitive data that they view which are files in their pages. Now it looks like there is not a way to protect the files. On my other sites I could have added the files at the end of the groups url page, this would password protect them from direct link, but it does not seem you can do that. the files are what they use and i cannot have them hidden behind the public.html either. Was thinkng maybe if I can block any crawler or hack program like XANU from being able to find the url that might work, not sure how.
Thanks for help.
Scott
Each customer has a password protected page, I have sensitive data that they view which are files in their pages. Now it looks like there is not a way to protect the files. On my other sites I could have added the files at the end of the groups url page, this would password protect them from direct link, but it does not seem you can do that. the files are what they use and i cannot have them hidden behind the public.html either. Was thinkng maybe if I can block any crawler or hack program like XANU from being able to find the url that might work, not sure how.
Thanks for help.
Scott
Hi process1,
You mention other sites, what system and protection method are they using?
Are you delivering the information to your users through an encrypted connection?
As far as I know, concrete5 has never made claims that basic password protection is suitable for data that falls under HIPAA and PCI Compliance.
Is there a reason why you chose to attempt this yourself opposed to hiring a developer experienced in security relating to HIPAA and PCI Compliance?
You mention other sites, what system and protection method are they using?
Are you delivering the information to your users through an encrypted connection?
As far as I know, concrete5 has never made claims that basic password protection is suitable for data that falls under HIPAA and PCI Compliance.
Is there a reason why you chose to attempt this yourself opposed to hiring a developer experienced in security relating to HIPAA and PCI Compliance?
CONCRETE5 could get you sued, it has ZERO SECURITY!!!