I’m creating a form that lets members of an organization update their personal data in the member database. Since including sensitive data in query links is insecure and forbidden, I created a way around this issue and would like to hear some feedback now from the security experts among us.
This is my idea:
- Generate a hash value column from all other columns for each row in the “personal data” table
- Send an email to every member with a link to the form of the “updated personal data” table and only the hash value ID as a pre-filled, hidden, lookup value
- Pull all current sensitive data into the form as related columns of the ID lookup
- Let members submit their updated data, so you can override the original table after you checked the submissions
This is my doc:
I haven’t implemented the mail feature in this show doc, but you can click the individual form links.
Since it is necessary to include all lookup columns in the security settings, I have a few concerns:
- Is it possible for people with one link to show the hidden ID column and to select one of the other lookup IDs?
- Is the lookup table or the table behind the form accessible with simple hacking skills like SQL injection?
- Would it improve the security to not store the hash values in the table but to evaluate them just in time?
- Is it still insecure to send those sensitive data back and forth via forms?
Thank you very much in advance,
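To make the lookup-ID design concrete for discussion, here is an added Python example (not the poster's doc, and not Coda code) that compares the two ways of deriving the hidden ID from the post: a hash computed from the row's own columns, and a random per-member token stored next to the row. The `Member` rows and the `base_url` are constructed sample data. Two properties matter for the questions above: a content hash is deterministic, so anyone who knows the column values can recompute it, and it changes whenever a column changes, so a link emailed before an update stops resolving; a random token has neither property, and the lookup compares it in constant time.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Member:
    """One row of the constructed 'personal data' table (sample data, not real members)."""
    member_id: int
    name: str
    email: str
    phone: str
    token: str = field(default="")  # filled by issue_token(); not derived from the data


def content_hash(m: Member) -> str:
    """Hash column built from all other columns, as the post proposes.

    Deterministic: the same column values always give the same hash, so the
    value is a fingerprint of the data rather than a secret, and it changes
    as soon as any column is edited.
    """
    payload = f"{m.member_id}|{m.name}|{m.email}|{m.phone}".encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def issue_token(m: Member) -> str:
    """Assign a random, unguessable lookup token to the row.

    The token does not depend on the row's contents, so updating the member's
    data does not invalidate the link they received by email.
    """
    m.token = secrets.token_urlsafe(32)  # 256 bits of randomness
    return m.token


def lookup_by_token(members: List[Member], token: str) -> Optional[Member]:
    """Resolve the hidden ID from the form back to a row.

    hmac.compare_digest keeps the comparison constant-time so timing does not
    leak how many leading characters of a guessed token were correct.
    """
    for m in members:
        if m.token and hmac.compare_digest(m.token, token):
            return m
    return None


def build_link(base_url: str, token: str) -> str:
    """Form link carrying only the opaque token, never the personal data itself."""
    return f"{base_url}?id={token}"


def hash_survives_update(m: Member, new_phone: str) -> bool:
    """Return True if a content-hash link would still resolve after the member edits a column."""
    before = content_hash(m)
    m.phone = new_phone
    return content_hash(m) == before


def demo() -> dict:
    """Run both schemes over the constructed table and report the observed properties."""
    members = [
        Member(1, "Alice Example", "alice@example.org", "+1-555-0100"),
        Member(2, "Bob Example", "bob@example.org", "+1-555-0101"),
    ]
    alice, bob = members

    # Content hash: recomputable from the data, and identical for identical data.
    alice_copy = Member(1, "Alice Example", "alice@example.org", "+1-555-0100")
    hash_recomputable = content_hash(alice) == content_hash(alice_copy)

    # Random tokens: unique per member, resolvable, and unaffected by later edits.
    for m in members:
        issue_token(m)
    link = build_link("https://forms.example.org/update", alice.token)
    resolved = lookup_by_token(members, alice.token)
    alice.phone = "+1-555-0199"
    resolved_after_edit = lookup_by_token(members, alice.token)

    return {
        "hash_recomputable_from_data": hash_recomputable,
        "hash_link_survives_update": hash_survives_update(bob, "+1-555-0198"),
        "tokens_distinct": alice.token != bob.token,
        "token_resolves": resolved is alice,
        "token_resolves_after_edit": resolved_after_edit is alice,
        "unknown_token_rejected": lookup_by_token(members, "not-a-real-token") is None,
        "link": link,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design choice this illustrates: a hash of the row is fine as a change-detection fingerprint, but as a lookup ID it has to stay secret, and it cannot be both secret and derived from data the member (and any prior recipient of it) already knows. Storing the random token in its own column, rather than evaluating a hash just in time, also keeps an emailed link valid across the very update the form exists to collect.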