Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: [feature request]Permission on Custom Fields  (Read 5570 times)

0 Members and 1 Guest are viewing this topic.

chlee

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 12
    • Medical Media DataBank
[feature request]Permission on Custom Fields
« on: October 30, 2003, 04:22:39 pm »

Is it possible to set permission on custom fields and hide them from unauthorized users. I need these fields to store patients' id and names (something might violet patients' privacy) and reserve it for search by power users only.
Logged

hyperion

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 1317
  • - retired -
[feature request]Permission on Custom Fields
« Reply #1 on: October 30, 2003, 05:21:52 pm »

Is this on an intranet or internet?
Logged
"Then, Fletch," that bright creature said to him, and the voice was very kind, "let's begin with level flight . . . ."

-Richard Bach, Jonathan Livingston Seagull

(http://www.mozilla.org/products/firefox/buttons/getfirefox_small.png)

chlee

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 12
    • Medical Media DataBank
[feature request]Permission on Custom Fields
« Reply #2 on: October 30, 2003, 11:10:39 pm »

It is on internet. We got several hospitals using the same image database.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
[feature request]Permission on Custom Fields
« Reply #3 on: October 31, 2003, 05:17:33 am »

hm, I don't know where you're located and what laws apply in your country on confidential patient's data, but I doubt this would be a good idea, even if the custom fields where somehow protected. If you're using coppermine for this purpose only, I recommend "triple security" using
  • the built-in security of coppermine (album not visible to the public at all, no user registration, only admin can register new users)
  • password protection of the whole coppermine install by the webserver authentification tools (password protection with .htaccess)
  • transport on a more secure channel (https)[/list:u]GauGau
Logged

chlee

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 12
    • Medical Media DataBank
[feature request]Permission on Custom Fields
« Reply #4 on: November 01, 2003, 08:36:02 am »

Thanks for advice. Alreadly in https and set all albums to be private. Registeration by admin only.
I am setting up mod_auth_mysql and mod_perl for CPAN; also considering to use mod_access to limit IP access.
Logged

gtroll

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Posts: 618
    • CPG-Nuke
[feature request]Permission on Custom Fields
« Reply #5 on: November 01, 2003, 09:27:31 am »

Who would get access to the names etc of the patients in the custom fields? It might be better to enter the "names and addresses" as a number, store that number as the key to another db that the public does not have access to, with the names and addresses.
You could then write an custom admin app that could query both db's for reports....

I dont think anything in the same db is foolproof, and not for Medical Privacy standards.

chlee

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 12
    • Medical Media DataBank
[feature request]Permission on Custom Fields
« Reply #6 on: November 01, 2003, 11:45:25 am »

Actually, there is no privacy information on it except the chart number (with slight transformation from original chart number) I want to hide in one custom field for these images. These images are teaching materials for our training fellow doctors, not for business usage.

However, I think gaugau is right, sometimes we might failed to erase all the id information on a chest film if the image provider is not careful enough. And we might get in trouble with such things. A more solid secuirity should be a better policy.
Logged
Pages: [1]   Go Up
 

Page created in 0.015 seconds with 20 queries.