Advice on going paperless.

Forum Moderators: phranque

Message Too Old, No Replies

Advice on going paperless.

web_young

7:52 pm on Dec 6, 2004 (gmt 0)

I'm currently working on some solutions for our company intranet and I was hoping to get some of your input. We have managers at different locations throughout the city and whenever they want to hire someone they fill out a form to get a new user added to the network. Currently they have to print the form, fill it out, sign it and fax it to the IS department. What I want to be able to do is come up with some solution where they can fill out the form electronically, sign it with some sort of digital signature and email it to the IS department. Does anyone have any experience setting something like this up? What did you do? Any advice would be great!

trillianjedi

12:25 pm on Dec 7, 2004 (gmt 0)

Currently they have to print the form, fill it out, sign it and fax it to the IS department.

There certainly has to be an easier way, but security is obviously a key issue.

What I want to be able to do is come up with some solution where they can fill out the form electronically

Obviously very easy so far....

sign it with some sort of digital signature and email it to the IS department.

This is where it gets a little tricky. Out of my expertise I'm afraid (this thread may be better off in Server-Side scripting or elsewhere - perhaps we'll move it after a day or so if there's a lack of response).

Ignoring digital sigs for the moment, how are these people currently validated from a security point of view? Is it simply by facsimilie signature?

At the stage the person is hired, are they allocated an email address? If so, and if the form is only available on the local intranet, with no external internet access, would a simple form to your IS dept. do the trick, with them then emailing password information back only to a local domain email address?

In other words I'm wondering if you can circumvent any security issue by keeping the entire process on your LAN.

web_young

6:49 pm on Dec 7, 2004 (gmt 0)

Thanks for the reply. This is a tricky one because somehow I've got to prove to the auditors who requests for new users to be added and also who makes the requests for permission changes. I was hoping to use PDF's and just have the manager use a digital signature but I've found out that you have to have more than adobe reader in order to digitally sign PDF's. Does anyone know of a cheaper alternative to Adobe Acrobat that can digitally sign a PDF?

peterdaly

7:01 pm on Dec 7, 2004 (gmt 0)

One possible answer is two level password protection. Level 1, have a user need to login to be able to fill out an online form. Level two, in order to submit, require a secondard PIN or level 2 password.

1 level password may even be enough. Another option would be those keyfob type displays where the number changes once a minute...although those can be complicated and expensive.

web_young

7:05 pm on Dec 7, 2004 (gmt 0)

I've suggested a similar thing to the boss and for some reason he didn't seem interested in that approach, unless there is a way to just use the server logins as authentication. He doesn't want them to have to remember another password. Is it possible to use a windows network login and password as authentication for an HTML form?

peterdaly

7:09 pm on Dec 7, 2004 (gmt 0)

Is it possible to use a windows network login and password as authentication for an HTML form?

Should be possible, although I don't know how off the top of my head. I implemented something like that for Novell NDS over about 5 years ago now, so I'd think you could to it to a Windows Domain or Active Dir. Tree.

ddent

10:17 am on Dec 8, 2004 (gmt 0)

In terms of being simple to implement, you could have an email template which people fill in and send to you. Use GPG, PGP, or some kind of s/mime for signing. Outlook has some s/mime stuff built in, but it requires you to get certificates. Email certificates without identity verification can be had for free from some sites, and can be had inexpensively with identity verification.

henry0

1:52 pm on Dec 8, 2004 (gmt 0)

Is it possible to use a windows network login and password as authentication for an HTML form?

How secure of a LAN do you run, do you use a VPN?
if so the first step is already done since not every one can log in the VPN, check with your NW admin.

The second part is easy
set an authentication script in (for ex) PHP
and feed a DB with the info, so the info can be stored, reviewed and modif as needed.
it can be made in such a way that people off premises need to log in the VPN (obviously) and that your boss has some master access directly to the hiring section.
we are speaking about creating a few access levels.
regards

Henry

ddent

9:31 pm on Dec 8, 2004 (gmt 0)

If you have an active directory domain going, you could use NTLM authentication.