Formmailer with medical data - php? rails? something else?
I'm programming a website where a **form-mailer** will be involved.
The data the website visitor can send will be medical data. I already completed the "building a simple rails app" badge and wanted to get accustomed to Rails by building this simple mailer. As I'm also using a commercial HTML template for the website itself, I would have to merge the template, which is somehow based on HTML and PHP (no Bootstrap, no Foundation). However, after having completed the Rails badge (which is really cool!) I realized that this approach might be easier if I started a new Rails project from scratch. Merging a Rails scaffold with the existing HTML template seems a little too much to me right now. I still want to stick with the HTML/PHP template. Throwing it away is not an option.
So right now I tend much more towards a PHP solution.
+ Which approach/language would you choose? (any other ideas than PHP or Rails)
+ How would you make the solution secure? What do you think in regards to security issues? I read that a PHP mailer could be misused for e.g. spam mails.
Joshua Vaage (5,068 Points)
Not to say that you shouldn't build it yourself, but you might consider using http://www.wufoo.com/
If you're concerned with blending the look into your existing design, then you would want to look at your CSS. Wufoo forms can be used "naked", or without CSS, so that you can allow your own CSS to affect the look and thus blend the form into your site's design in an attractive way.
Jacques Vincilione (17,292 Points)
If it is already built on PHP, I would stick with that unless you do want to rebuild it from scratch, as you said.
If this is simply a test project, do a Google search for good security measures to take when submitting data, whether to a database or to be emailed. Also, remember that you don't want to send sensitive data by email, so avoid it if possible.
That being said, security is something that cannot be taken lightly, specifically with medical data. If the medical data contains personal information, or is patient records, etc., it will have to be HIPAA compliant. This requires extensive logging of all data input into the database as well as logging of any changes. These logs will need to contain, at least, who made the change, what they changed, what the value was before, etc. Obviously this will need to be very secure, preferably behind SSL.
Keep in mind, if you're doing more than emailing the form info to someone, which in itself is not very secure, you will need a backend database to store the information. You can use something like MySQL or another database. Depending on the data being sent, you will want to encrypt/salt it.
As far as spam is concerned, you will want to use a captcha, or other authentication, to avoid spam being sent from the form. You can Google search "Prevent form spam without captcha."
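As an added example (not code from the original thread or from any of its participants), here is a minimal PHP form-mailer that illustrates the two points raised so far: the "misused for spam" problem from the question, which in practice means header injection through the arguments of mail() and relaying to attacker-chosen recipients, and the anti-spam point from the answer above, handled here with a honeypot field rather than a captcha. The recipient address, the noreply sender domain and the form field names (name, email, message, website) are assumptions made for the example. The vulnerable pattern is shown first for contrast, then the hardened version.

```php
<?php
// Added example, not from the original thread. Assumptions: the recipient
// is fixed in configuration, the HTML form contains a hidden "website"
// input (the honeypot), and the form is served over HTTPS.
declare(strict_types=1);

// --- Vulnerable pattern, for contrast only (do NOT use) ------------------
// Recipient and From header come straight from the form. An attacker posts
// to=victim@example.com, or email="x@a.com\r\nBcc: list-of-targets", and
// the form becomes an open spam relay: mail() passes the CR/LF through and
// the injected line becomes a real header.
function send_vulnerable(array $post): bool
{
    $headers = "From: " . $post['email'] . "\r\n";
    return mail($post['to'], $post['subject'], $post['message'], $headers);
}

// --- Hardened version ----------------------------------------------------
const MAIL_TO = 'intake@example.org';   // assumed address; never taken from user input
const MAX_MESSAGE_BYTES = 4000;

/**
 * Any CR, LF or NUL in a value destined for a header line is a
 * header-injection attempt: mail() writes the subject and extra headers
 * as separate lines, so a line break lets the sender add Bcc:/To: headers.
 */
function reject_header_injection(string $value): string
{
    if (preg_match('/[\r\n\x00]/', $value) === 1) {
        throw new InvalidArgumentException('CR/LF in header-bound field');
    }
    return trim($value);
}

/** Validates the posted fields and returns the cleaned values. */
function validate_form(array $post): array
{
    // Honeypot: the hidden "website" field is empty for humans, filled by bots.
    if (($post['website'] ?? '') !== '') {
        throw new InvalidArgumentException('honeypot filled');
    }

    $email = reject_header_injection((string) ($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }

    $name = reject_header_injection((string) ($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('invalid name');
    }

    $message = (string) ($post['message'] ?? '');
    if (trim($message) === '' || strlen($message) > MAX_MESSAGE_BYTES) {
        throw new InvalidArgumentException('message empty or too long');
    }

    return ['name' => $name, 'email' => $email, 'message' => $message];
}

/**
 * Builds the four mail() arguments. The subject is a fixed string, the
 * visitor's address goes into Reply-To only, and From stays on a domain
 * we control so the mail passes SPF/DKIM and cannot spoof third parties.
 */
function build_mail(array $clean): array
{
    $headers = [
        'From: Website form <noreply@example.org>',   // assumed sender domain
        'Reply-To: ' . $clean['email'],
        'Content-Type: text/plain; charset=UTF-8',
    ];
    $body = "New contact request\n\n"
          . "Name: {$clean['name']}\nE-mail: {$clean['email']}\n\n"
          . $clean['message'] . "\n";
    return [MAIL_TO, 'Website contact form', $body, implode("\r\n", $headers)];
}

// Request handler: only POST, and the user sees no validation details.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        [$to, $subject, $body, $headers] = build_mail(validate_form($_POST));
        $ok = mail($to, $subject, $body, $headers);
        http_response_code($ok ? 200 : 500);
        echo $ok ? 'Thank you, your message was sent.' : 'The message could not be sent.';
    } catch (InvalidArgumentException $e) {
        error_log('form rejected: ' . $e->getMessage());   // reason stays server-side
        http_response_code(400);
        echo 'Please check your input.';
    }
}
```

Put the `website` input in the form and hide it with CSS; submissions that fill it are dropped without feedback that would help a bot adapt. The recipient is a constant, the subject is a constant, and every value that ends up on a header line is checked for line breaks, which closes the relay and Bcc-injection misuse the question asks about. What this does not change is that the message body travels as plain text once mail() hands it to the MTA; if the form carries the medical data itself, that is exactly the content the answer above recommends not sending by e-mail at all.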
Thank you both very much for your answers. I had a look at Wufoo and like the idea of easy form creation. However, this solution is not a viable one for me in this case, as Wufoo collects the entered data and makes the website owner responsible :-) Nevertheless it seems to be a neat option in situations differing from this one.
As Jacques proposed, I think I will go with PHP and some HTTPS solution together with a captcha.... HIPAA does not apply in my case, but I will check the relevant articles for Germany.
Thanks again to both of you!