Adaryl, can you contact me off list? I'm interested in HIPAA security. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED]
CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Adaryl Wakefield > Sent: Friday, December 05, 2003 5:16 PM > To: [EMAIL PROTECTED] > Subject: Re: [KCFusion] security > > > The site is already built. It has several applications built > for it over the years and each app has its own username and > password pair. I finally said forget this and Im intergrating > all the apps so they operate with one username password pair. > Some of the apps store info that is subject to HIPPA and that > is why im biting my nails about security. There is also a > bulletin board that has not exactly what I call top secret > info in it but pretty high level stuff we don't want getting > out. Imagine like the CEO of Accenture comunicating with the > VPs all over the globe. Its stuff like that. > > Adaryl Wakefield > Aviator by passion > Programmer by sheer force of will > ----- Original Message ----- > From: Glenn Crocker > To: [EMAIL PROTECTED] > Sent: Friday, December 05, 2003 4:06 PM > Subject: RE: [KCFusion] > > > Depends how secure your site needs to be. Does it _matter_ > whether they're who they said they are? If so, this solution > doesn't work. > > For many, many sites, all that matters is that the user be > able to log in and that you have an email address for them. > If you require knowing who they are, you'll have to do credit > card auth or hand out username/password combos through > pre-certified means. > > Striking a good balance between security and pissing off > your users is always tricky. If you can describe the kind of > site you're building, you'll probably get better suggestions > for appropriate solutions. > > -glenn > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Adaryl Wakefield Sent: Friday, December 05, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: Re: [KCFusion] This was his argument to wit I said that that assumes that the person on the other end of the email is indeed the right person. Adaryl Wakefield Aviator by passion Programmer by sheer force of will ----- Original Message ----- From: Glenn Crocker To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 3:49 PM Subject: RE: [KCFusion] Depends on how secure your site needs to be. A reasonable middle ground is for users to give their email address, you email them a URL, they click the URL, you ask them to type a password. Now you know you have a valid email address for them, and they know their password. (The URL has the effect of the temp password, but feels more convenient to most users.) -glenn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Adaryl Wakefield Sent: Friday, December 05, 2003 3:48 PM To: [EMAIL PROTECTED] Subject: [KCFusion] The desinger and I are having a discussion about security. I say that if people want their passwords they have to submit emails and answers to personal questions then I send them a temp password in email that they have to change themselves. He wants to do something more simple like type in your email address and we just send you your password. I think thats horribly insecure but that is the way Macromedia works. Opinions? Adaryl Wakefield Aviator by passion Programmer by sheer force of will --- [This E-mail scanned for viruses by Declude Virus] ========================================================= Kansas City ColdFusion User Group's website & listserv is hosted through the generous support of Clickdoug.com To send email to the list, email [EMAIL PROTECTED] To subscribe or unsubscribe, send an email to [EMAIL PROTECTED] with your request. For hosting solutions http://www.clickdoug.com Featuring Win2003 Enterprise, RedHat Linux, CFMX 6.1. ======================================================
