[thelist] large numbers of secure directories and client uploads: the best option?

[Philippe Jadin]

> I've a surgeon client who wants to put up a section on his site where
> referring doctors can consult reports on their patients' progress, and
> insurers can do similar. Obviously patient confidentiality is important,
> doctors only get to see their own patients' records. So far no big deal.
But
> the numbers involved would be several hundred individual doctors, and my
> client wants his non-technical staff to be able to upload the relevant
files
> themselves (probably a hundred or so a month, maybe less).
[...]
> This is not a high budget client!

The easiest way to do this would be to use a database. But it's kinda
incompatible with "low-budget". If you are ready to change server plateform,
you could effectivelly use *nix with apache and .htacess files. The security
model is still "basic" without a db, but you can for instance have
authentification based on a text file with usernames and passwords.

I would not do this though. If you have the time, look for the security
model of some other tools. You may find something interesting in either asp,
php, coldfusion... Or you could use zope (my choice for now) : the security
model is extremely powerfull, and really easy to setup. Basically, you
create folder with a user folder in them. Only granted users can go to those
folders. The model is "customer who have customers who have customers...".
You have doctors who have patients who have problems who... ;-).
At the same time, you can add ftp access / web upload access to each
individual user to each individual object on the site. It's really easy to
implement (no programming needed), and it won't be apita at all.

Whatever you choose, good luck !

Philippe