Community
Support » Before you start

Drupal as secure enrollment system?

Posted by Coop1979 on September 5, 2006 at 4:14am

Hi all - I've been working with Drupal for a year or so now and am looking into a new business venture that I would like to use Drupal to drive.

I'd like for the site to have the following capabilities.  These capabilities can be done using either existing modules or custom-made modules.  I'd really like to know if something is possible or not with Drupal. 

  • Non-Secured front page and informational pages (such as "about us")
  • User level
    • Secured Enrollment System able to use a visitor's SSN and PIN as their log-in.  This data will be pre-loaded into the database.
    • Once the user logs in, they will have the ability to go to a page to fill out an enrollment form with their demographic information pre-populated by the database (Name, Address, etc).
      • User will go through multi-page enrollment form selecting various options.
      • As user adds various options, a cart-like box will show their current chosen options and the total $ amount associated with those options.
      • For a possible future option (not looking for it to be in the first live version of the site) the end of the enrollment form should have the ability to pay current balance via credit card or electronic check and also have the option to perform a monthly auto-draft or select to receive a monthly billing statement.
  • Sponsor Level (2nd level of access)
    • This view would allow reporting of participation by product, site, and other various factors.  Reports would be available through viewing them online or downloading into Excel format.
    • This usergroup could also perform functions for various enrollees, such as adding or deleting products.
    • Import data
      • Have an upload module to accept data and load automatically if sent in specific format (.csv format with data in specific columns)
  • Admininstrator Level (3rd level of access)
    • Export data
      • Site should be able to export enrollee data in various formats
        • excel, .csv, or text formats
        • Data exports should be easy and versatile to meet various demands
      • Exports will need to be automated at some point

I know Drupal is very versatile with what it can do, but everything has its limits, so if Drupal isn't the right software to base this site on, please speak up.  Does all of this sound reasonable for Drupal to be able to achieve with a little investment?  If it does, I will be posting this project in the Paid Drupal Services area.  So if this sounds like something you're interested in working on, let me know.  And if there are any modules that come out of this project that can reasonably shared with the Drupal community, I'd be more than happy to share them.

Login or register to post comments Categories: ,

Comments

Regardless of Drupal

Posted by chx on September 5, 2006 at 5:28am

if I were you, i would move the SSN database to another server , not directly hooked to the Internet, which communicates in a very limited way with your webserver. The webserver sends an SSN and a PIN to the backend via socket and the backend answers yes or no. There is no other network accessible service running on the backend server. Crazy? Definitely. But you do not want that database to be snatched.
--
The news is Now Public | Drupal development: making the world better, one patch at a time. | please donate

--
Drupal development: making the world better, one patch at a time. | A bedroom without a teddy is like a face without a smile.

I wouldn't sign in with SSN

Posted by MacRonin on September 5, 2006 at 7:19am

I can't think of very many sites that would be able to convince me to use my SSN as a sign-in ID, and they would already have it for other reasons(like being a bank) I hope you consider having alternative IDs than the SSN

But if you insist on using it, I hope you make it impossible to hijack

Nature of the business

Posted by Coop1979 on September 5, 2006 at 12:12pm

Unfortunately it's the nature of the industry I'm in to use SSN as the data to key off of. Whether the SSN is used as the log in or not, the SSN would be a part of the database, so the data would have to be there anyway. There would obviously be a great deal of security involved in this site, as we would be liable for any data that is exposed to a hacker or whatnot.

Aside from the preference not to use of SSN as a login ID, do you all see any limitations in Drupal for what I'd like to achieve?

Yes it can be done

Posted by andremolnar on September 6, 2006 at 2:46pm

I have written EXACTLY this application in the past. The only difference was that the login information was on a completely different server and connected in the back end over a secure chanel for authentication.
The only component that wasn't part of the project was a .CSV data injection - but that's easy enough to do.

So yes - it can be done.

The site ran over the summer and handled several thousand registrations.
Feel free to contact me if you have any questions.

andre

Be Circle: the opposite of square

nobody click here