Crytography question

[DazzaC]

Hi guys.
At present, in work, we often conduct user surveys to provide us with feedback of the IT service we provide for users.
At present we hand out hard copies of the questionaire and pass them out to the users. The users fill in thw questionnaire (annonmously) and hand them back. We then scan in the results and pass it into a database.
I have been tasked we taking this costly and laborious system and developing an electronic copy of it. I need to distribute the questionnaire electronically, and once I receive a response pass the results into a database. Once in the database users can then access their questionnaire, modify and change if necessary.
I need a way of securing this data so the only person who can see a users questionnaire response is the user who filled it in. What sort of cryptography and methods would you use?? Has any had any similar experiences?? thanks

 

[mrmtek]

what operating system are you using - we did something very simular to this on linux using php/mysql and sessions a few years back on a old 486 server and I must say it is still running!.

We use this as a internal help desk to track help calls and monitor faults.

 

[DazzaC]

The Operating system is Windows 2000/03 server. Clients are using Windows XP.
Office 2000 and above.

 

[mrmtek]

ok - if you have iis - you can setup a intranet - and using asp pages get users to sign up and make there own accounts, and save out put to a xml file - very rough out line I know but you could do it in a day - I can supply asp code examples to save/create xml if required or could just mount a access database on a server share and do the same??

 

[mrmtek]

im sure other people in this group would have a better solution -

 

[DazzaC]

How can I then encrypt the questionnaire responses?? To limit access to only the individual who responded??? Limit access so user A cannot see user B's questionnaire?

 

[chiph]

Ummm, if you encrypt something so that only the person who entered it can read it, won't management have a tough time looking at their comments?

I think what you're wanting is for each user to have their own login & password. The app would then make sure that one user can't see another user's data.

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first

 

[DazzaC]

That is correct.
Only the individual who submitted the questionnaire should be able to modify it.
It is imperative that they remain annonomous. Sorry ignore the encryption bit.
These questionnaires must be completed in the space of a month, those submitted to the system after will be rejected by the system.
The reponses must remain readable in the system.

 

[chiph]

Do like I said then. Have each user assigned a userid and a password. To store the password, you would run it through a one-way hash function like SHA-1 (Google for source code).

A hash function is designed so that any little change in input (the password) results in wildly different outputs, but still with the same input, results in the same output. For example:

MyPassword ---> 13A21E65D4CC98B735F64
MyPassworD ---> BC687E9874A62D519F84E

You would store the hashed output, and when the log in a 2nd time, you would compare the hash values to see if they entered the correct password.

If NewHash <> StoredHash Then
SendUserToBadPasswordScreen()
Else
SendUserToMainAppScreen()
End If

Chip H.


____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first