User based updatable fields

emmexx 09 Nov, 2012
I'm developing an app that will let selected users (they belong in a group) enter data through a CF form.
Other selected users, let's say managers or publishers, will check the content of the data and publish it.
I'll manage the workflow with a status field. The status field has 3 values:
  • draft
  • ok to publish
  • published

Only the publishers should be able to assign the published value to a record.

I wonder about the security of this setting. And I wonder about the security of form submissions in general.

My questions are:
  • Is there a standard way in CF4 to manage the values of a field that should be changed only by code (after a user action) and on a user profile basis?
  • Is it possible to craft a post in order to set the status field (or any other field)?
  • Other systems (I know of CakePHP) have a security feature that lets the programmer limit the submitted/saved fields to a predefined list. Is there anything similar in CF4?
  • Is the security model of Joomla/CF4 strong enough so that, if a form/app is accessible only to pre-registered users, I can trust any data submitted?

Thank you
maxx
GreyHead 10 Nov, 2012
Hi Maxx,

The short answer is that you can do all of this with server side validation and possibly some custom code as well.

ChronoForms does nothing to ensure your data security or integrity unless you use the available actions to add it.

Bob

PS in this case I'd also use code in the OnLoad event to remove the status input for unauthorised users.
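
A server-side check of the kind Bob describes, as an added example rather than ChronoForms or Joomla code: it drops any posted field that is not on an allow-list and decides the status value on the server according to the user's group, so a crafted POST cannot set "published" or an extra column. The "Publisher" group name, the field names and the wiring into a Custom Code action are assumptions.

```php
<?php
// Added example (not ChronoForms/Joomla code): allow-list the submitted fields
// and authorise the "status" transition on the server.
// Assumed inputs: $submitted is the posted form array, $userGroups the names of
// the current user's Joomla groups, $currentStatus the stored status (null for a
// new record). Calling this from a ChronoForms Custom Code action is assumed.

const STATUS_DRAFT     = 'draft';
const STATUS_OK        = 'ok to publish';
const STATUS_PUBLISHED = 'published';

// Fields an ordinary contributor may write; "status" is deliberately absent.
const CONTRIBUTOR_FIELDS = ['title', 'body'];

function isPublisher(array $userGroups): bool
{
    return in_array('Publisher', $userGroups, true); // group name assumed
}

function enforceStatusPolicy(array $submitted, array $userGroups, ?string $currentStatus): array
{
    // 1. Keep only allow-listed fields; anything else in the POST is dropped,
    //    so a crafted request cannot inject columns the form never showed.
    $clean = array_intersect_key($submitted, array_flip(CONTRIBUTOR_FIELDS));

    // 2. Decide the status on the server, never by trusting the raw POST value.
    $requested = $submitted['status'] ?? null;
    $allowed   = [STATUS_DRAFT, STATUS_OK];       // what contributors may set
    if (isPublisher($userGroups)) {
        $allowed[] = STATUS_PUBLISHED;            // publishers only
    }
    if ($requested !== null && in_array($requested, $allowed, true)) {
        $clean['status'] = $requested;
    } else {
        // Unknown or unauthorised value: keep the stored status, or start as draft.
        $clean['status'] = $currentStatus ?? STATUS_DRAFT;
    }
    return $clean;
}

// Constructed sample: a contributor (not in the Publisher group) posts
// status=published and an extra column the form never offered.
$post   = ['title' => 'Hello', 'body' => '...', 'status' => 'published', 'approved_by' => 'me'];
$result = enforceStatusPolicy($post, ['Registered'], 'draft');
var_dump($result);
```

The same function is what the OnLoad-side removal of the status input does not give you on its own: hiding the input only tidies the form, while this check rejects the value regardless of how the request was built.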
emmexx 10 Nov, 2012

> The short answer is that you can do all of this with server side validation and possibly some custom code as well.
>
> ChronoForms does nothing to ensure your data security or integrity unless you use the available actions to add it.

I added Authenticator and Check Token actions. I'll read the FAQs again.

> PS in this case I'd also use code in the OnLoad event to remove the status input for unauthorised users.

I agree, I'll do that.

Thank you
maxx