SFU internal development

A place for users and developers of the Xataface to discuss and receive support.

Postby asozzi » Tue May 02, 2006 2:36 pm

Hello, I just looked over your project here (you were on the SFU frontpage) and have a few questions.
We are developing a new Environmental Health and Safety web presence (formerly integrateed into the HR website).
And one of the things just screaming for a web application is the current system we use for bio safety permits. Of course it's all in a local Filemaker DB. So....

Do you think its possible to use the school login system (Peoplesoft I guess) for session ID's?
How secure do you think it would be? Some confidential info about the research may be included in the permits.
Does the granularity in permissions you talked about for v0.6 allow for users only viewing and editing their own entry (permit)?
How easy would you think it is to include a permit status/changes system like encountered in Wiki's. Since permits once submitted and approved should be able to be frozen.

Would you potentially be available for such a job (or could you recommend someone)?

Sorry for the question frenzy, but its nice to see such a product being developed "inhouse".

CIAO
Angelo
asozzi
 
Posts: 1
Joined: Wed Dec 31, 1969 5:00 pm

Postby shannah » Tue May 02, 2006 2:55 pm

Hi Angelo,

Glad you came to take a look at Dataface.

>Do you think its possible to use the school login system (Peoplesoft I guess) for session ID's?

Yes. SFU uses CAS (Central Authentication System) to allow users to log into any site securely. It is quite secure, as only the CAS login page ever deals with passwords, and they are handled by ACS in a secure fashion. I have set up a few PHP systems to use CAS authentication already and it is not very difficult.

As far as securing confidential information in the permits, Dataface will allow however tight of security that you require. In 0.5.3 (the current version) tight security is treated as *optional* which caused developers to have explicitly disallow certain operations if they wanted them to be secure. Starting with version 0.6 there will be a strict security mode that will default to read only permissions ( or whatever default you assign) which will result in a much more secure system.

The permissions in 0.6 are quite fine grained. Users can be given permission to only edit/view/delete, etc.. only certain records quite easily. All of the permissions are handled with delegate classes (in php methods) so they are also quite flexible. Any form of security you can dream, can be implemented.

I will contact you via email in regards to possibilities of working on this.

Best regards

Steve
--
Steve Hannah
@shannah78 (on twitter)
sjhannah.com blog
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 28 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved