
Get session timeout


#1
Vaielab

Hi,

In my new contract, I have to create some sort of administration for a hospital, all in PHP.
I won't go into too much detail, but some people (like doctors) want to stay logged in to this administration all day without having to retype their password.
Of course, nurses (who are closer to patients, so a patient could get access to the computer) have to retype their password more often.

The way I was thinking of keeping the session alive is to send an ajax request from time to time when the user is a doctor.
But I didn't find anywhere where I could output the session timeout time; I found a lot of articles on how to extend the session timeout, but nothing about retrieving it.

So does anyone have an idea how to do so... or maybe another way to extend the session based on the type of user?
Thx
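
Added example, not part of the original posts: one way to read PHP's configured session lifetime with `ini_get('session.gc_maxlifetime')` and to enforce a per-role idle timeout on the server, so the AJAX keep-alive described above only extends sessions for roles that are allowed it. The role names, the limits and the `keepalive` query parameter are assumptions made for this sketch.

```php
<?php
// Added example: role names, limits and the "keepalive" parameter are assumptions.
const IDLE_LIMITS     = ['doctor' => 8 * 3600, 'nurse' => 10 * 60]; // seconds
const KEEPALIVE_ROLES = ['doctor'];

// Idle limit for a role; an unknown role falls back to the shortest limit.
function idle_limit(string $role): int
{
    return IDLE_LIMITS[$role] ?? min(IDLE_LIMITS);
}

// Seconds left before re-authentication is required (0 means expired).
function seconds_left(array $session, int $now): int
{
    if (!isset($session['role'], $session['last_activity'])) {
        return 0;
    }
    return max(0, $session['last_activity'] + idle_limit($session['role']) - $now);
}

// Session data older than session.gc_maxlifetime may be garbage-collected,
// so it has to be at least as long as the longest role limit.
ini_set('session.gc_maxlifetime', (string) max(IDLE_LIMITS));
session_start();

$now = time();
if (seconds_left($_SESSION, $now) === 0) {
    // Expired or never logged in: discard the data and require a fresh login.
    $_SESSION = [];
    session_destroy();
    http_response_code(401);
    exit;
}

// Ordinary requests count as activity for everyone; background keep-alive
// pings reset the idle timer only for roles that are allowed to stay logged in.
$isPing = isset($_GET['keepalive']);
if (!$isPing || in_array($_SESSION['role'], KEEPALIVE_ROLES, true)) {
    $_SESSION['last_activity'] = $now;
}

header('Content-Type: application/json');
echo json_encode([
    'gc_maxlifetime' => (int) ini_get('session.gc_maxlifetime'),
    'seconds_left'   => seconds_left($_SESSION, $now),
]);
```

The login code is expected to set `$_SESSION['role']` and `$_SESSION['last_activity']`. Where session files are cleaned by a system job that reads `php.ini`, set `session.gc_maxlifetime` there as well, since a runtime `ini_set` does not affect that job.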

#2
WingedPanther

Why not use a cookie to automatically reauthenticate? In that case, the session will still time out, but a doctor reconnecting will be automatically "reconnected", whereas a nurse would not. The only real concern would be if someone else gets on the doctor's computer.

The reality, however, is that the doctors may need to be reminded that enabling unauthorized access to patient records could cost them their license to practice, and are they sure they want to risk that?
Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

#3
Vaielab

A simple cookie with some sort of ID that will reconnect the doctor... that seems insecure.

And yes, I told them about the security risk, but they only want to save time... and anyway it can't be as bad as the system they have now.
Anyone who works at the hospital (and I'm saying anyone, even the lunch lady) has an advanced tab where they can execute SQL code without restriction.
I was almost crying when I saw this...

#4
WingedPanther

Having an open browser logged in as a doctor is also not secure.

Here's the problem, security and ease-of-use almost always get in each other's way.

Let's start with a different question: who's driving the project? If it's the doctors, then they can have whatever they want. If it's the board of directors who are responsible for keeping the hospital in good standing with the fed, the doctors can jump in a lake. I've dealt with pharmaceutical companies in the past, and I can tell you security is a BIG deal to them. I would not expect it to be different in a hospital. Start with whose neck will be on the line if there's a security breach, and get that person involved.

#5
Vaielab

Good way of thinking, I like that... I'll try to get a meeting with the director soon



