web front end with QR access
Hi, I’ve received a request to develop a web front end where users can access personal data via a QR code. Personally I don’t think this is very safe, but perhaps there are some thoughts on how access in a Filament-based app could be made safe. Any experience with this?
TIA
5 Replies
An app, whether Filament-based or not, is as safe as you make it.
Whether you provide QR codes on your site to access URLs, or use shortened-URLs via a provider, or email URLs somehow, whatever ... it's up to you to decide what that URL displays, and under what conditions.
The Filament part will just do what you tell it to do. And the Laravel part will do what you tell it to do.
Agree. But I was explicitly asked to provide access to personal data via a public URL this way, e.g. ‘mydomain.com/uuid’. Would this be considered safe enough?
Secondly, how would I create a route for this? It seems close to an api request but I’m not sure. Thanks for your support in this.
That’s not safe at all. It shouldn’t be public. It should be a signed URL. That way it would only be accessible with a valid token on the query string.
So the endpoint is public but the data and page only load with a valid token.
Obviously you already "get" that anytime you're exposing "personal" data, you have to be hyper-attentive to ensuring that it's only seen by those who "should" see it.
A challenging legitimate example of exposing very personal data without requiring passwords or other authorizations is something like a health-alert tool that lets a first responder scan a QR code to get essential medical information about the patient whose life they're trying to save/assist. There's no time or opportunity for passcodes or other authorizations there. Especially if the database is national or international and the first responders are very localized: they won't have a passcard to scan first before scanning the QR code. They need immediate access to whatever data the patient has agreed to allow to be disclosed if someone (actually anyone) scans the code.
But, even in that case, as awcodes said, a signed URL would be safer than just a UUID that could be iterated over by bots scanning your database.
So, to protect against hackers slamming your site with random UUIDs, signed URLs would be preferable. The challenge then is in being sure that whatever URLs you generate with the QR codes don't expire ... er, unless whoever owns your database wants the codes to expire at a certain date/time, requiring them to be re-issued after that.
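As an added illustration of the signed-URL approach awcodes and DrByte describe (not code from this thread or from Filament/Laravel): a minimal HMAC-signed link in plain PHP, with the optional expiry DrByte mentions. In a real Laravel app you would use `URL::signedRoute()` / `URL::temporarySignedRoute()` and the `signed` middleware instead; the base URL, route path, secret and UUID below are constructed placeholders.

```php
<?php
// Added example, not from the thread. Mirrors the mechanism behind Laravel's
// signed routes: the uuid (and optional expiry) are bound to a server secret,
// so a guessed or edited link fails verification, and rotating the secret
// invalidates every link issued so far.

const SIGNING_KEY = 'replace-with-APP_KEY-or-a-dedicated-random-secret'; // placeholder

// Build the URL that gets embedded in the QR code.
// $expiresAt = null means the link never expires (the first-responder case);
// otherwise it is a Unix timestamp after which verification fails.
function signedRecordUrl(string $base, string $uuid, ?int $expiresAt = null): string
{
    $params = ['uuid' => $uuid];
    if ($expiresAt !== null) {
        $params['expires'] = $expiresAt;
    }
    // Sign the canonical URL (everything except the signature itself), so
    // tampering with either the uuid or the expiry breaks the token.
    $canonical = rtrim($base, '/') . '/record?' . http_build_query($params);
    $params['signature'] = hash_hmac('sha256', $canonical, SIGNING_KEY);
    return rtrim($base, '/') . '/record?' . http_build_query($params);
}

// Verify an incoming request's query string. Returns the uuid, or null on any failure.
function verifySignedRequest(string $base, array $query, int $now): ?string
{
    if (!isset($query['uuid'], $query['signature'])) {
        return null;
    }
    $params = ['uuid' => $query['uuid']];
    if (isset($query['expires'])) {
        if (!ctype_digit((string) $query['expires']) || (int) $query['expires'] < $now) {
            return null; // malformed or expired
        }
        $params['expires'] = (int) $query['expires'];
    }
    $canonical = rtrim($base, '/') . '/record?' . http_build_query($params);
    $expected  = hash_hmac('sha256', $canonical, SIGNING_KEY);
    // hash_equals() is constant-time, so timing reveals nothing about the signature.
    return hash_equals($expected, (string) $query['signature']) ? $query['uuid'] : null;
}

// Demo with a constructed UUID and a 24-hour expiry.
$url = signedRecordUrl('https://mydomain.com', '4d5e6f70-1234-4abc-9def-0123456789ab', time() + 86400);
parse_str((string) parse_url($url, PHP_URL_QUERY), $q);
echo 'valid link   : ', var_export(verifySignedRequest('https://mydomain.com', $q, time()) !== null, true), PHP_EOL;
$q['uuid'] = 'some-other-uuid'; // editing the record id invalidates the signature
echo 'tampered link: ', var_export(verifySignedRequest('https://mydomain.com', $q, time()) !== null, true), PHP_EOL;
```

The route handler should only look up the record after `verifySignedRequest()` returns a uuid; with a `null` result respond with a generic 403 so the endpoint never confirms whether a uuid exists.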
@awcodes and @DrByte, thanks for your pointers! I was able to use them and create a safe access point for the users.