Fabrik - Security

wed.engineering

Hi guys,

I am using Fabrik to build a form where:
1 - user1 submits a question and his personal email, which is only visible (access) to Joomla group 'Special' and 'user1' only.
2 - user2 sees user1's question in the list... and if he knows the answer, he can edit the form and place the answer he thinks is the solution, along with his personal email, which is also visible (access) to Joomla group 'Special' and 'user2' only.

My concern is: when user2 edits the form and looks at the source code of the form, he can see there a hidden field regarding user1's personal email!! OK, the field is hidden and the value is encrypted ... but it is there!!

Is this safe? :)

Many thanks for any clarification on this subject.

Regards,
Pedro
 
As you said, it's encrypted. It's not heavy duty encryption (we use J!'s JCrypt) so it depends on how safe you want it to be.

The alternative is to use two copies of your list, one for posing questions and one for answering, unpublish the emails you don't want in each one. For sending emails, assuming you are using the form email plugin, you could use the "email to (eval)" field to look up the recipient email in the table using the rowid.

-- hugh
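
The lookup suggested above for the "email to (eval)" field, as an added example that is not part of the original thread. It assumes Joomla's database API, that Fabrik substitutes the `{rowid}` placeholder before evaluating the code, and a hypothetical table `questions` with columns `id` and `user1_email`.

```php
// Assumption: Fabrik replaces {rowid} with the submitted row's primary key
// before this code is evaluated. Cast to int so only a number reaches the query.
$rowId = (int) '{rowid}';
if ($rowId <= 0) {
    return '';
}

$db = JFactory::getDbo();
$query = $db->getQuery(true)
    ->select($db->quoteName('user1_email'))   // hypothetical column name
    ->from($db->quoteName('questions'))       // hypothetical table name
    ->where($db->quoteName('id') . ' = ' . $rowId);
$db->setQuery($query);
$email = (string) $db->loadResult();

// Return the address only if it is syntactically valid, otherwise an empty string.
return filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : '';
```

Because the address is read from the table on the server when the email is sent, the element holding it can stay unpublished in the form that user2 edits.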
 
Hi Hugh,

If I understood your suggestion correctly: do you mean create two lists pointing to the same datatable, but on each one unpublish the undesired email fields? Is this possible?


Thanks
 
Yes. Select the list on the main Lists tab and hit "Copy". That will create a new set of list/form/group(s)/elements, using the same underlying table, which can be configured independently. The elements will initially be "linked" to the originals, and inherit settings from their "parent", but you can unlink them (Fabrik will ask if you want to do that when you edit one).

-- hugh
 
I see, and in this scenario I must unlink all the fields in the "Copy List" in order to perform whatever changes I need? What do you advise?

- So in the original List I have three published fields: user1 question, user1 personal email (only visible to him and special group) and user2 answer ... and unpublish user2 email field.
- In the copy List I have again three published fields: question, answer and user2 personal email (only visible to him and special group) ... and I unpublish user1 personal email.

Again, many thanks Hugh for your kind support.
Regards
 
Yes, you would either unlink and change settings, or unpublish elements you don't need.

That's the point of being able to copy lists, so you can set up different "views" of the same data, with different access controls, etc.

-- hugh
 