Document delivery portal
4926
$$
- Posted:
- Proposals: 10
- Remote
- #43132
- Archived
Description
Experience Level: Intermediate
Document portal to allow our customers to download reports that we have created. Customers must also be able to upload documents.
User registration
- only when initiated by admin users
- email gets sent to requested user (one-time (OT) link that expires after 12 hours)
- user will then follow a link to the system to register and create their own password (enforce password complexity, min 8 with 3 character groups)
- Allow multiple users to be assigned to a client
User authentication
- must be built with security in mind
- secure code review will be undertaken
- account lockouts (use re-CAPTCHA after 2 incorrect attempts, then lockout after 10 attempts for 30 mins)
- using a secure cookie mechanism (use platform session token with httponly & secure flags)
- Lock session to IP and not allow simultaneous login sessions
- Generate email to client on password change or lockout
- Session timeout after 30 mins
Forgotten password function
- allows registered users to reset password by following a link sent to their registered email address (with re-CAPTCHA and/or security question?)
- must not allow username enumeration
Administration function
- Ability to upload and download documents from all registered users' areas
- Create, delete and edit users' details (including account unlocking)
- Initial administrator must be able to add further admin users
- Full logging - user auth, download, upload etc
- Account search feature – client, forename, surname and username
Upload and download documents
- Users must not be able to see other users' documents
- All documents will be saved locally on the hosting webserver
- Users have the ability to delete documents within their account (although not to delete them physically from the disk)
- Alert specific users when a report is downloaded
- Limit file extension, content (could create a blacklist/whitelist) and size
Use stored procedures for all SQL queries. Every parameter is sanitised on the server side. Session token and username checked for every transaction.
All code is fully commented so we can understand it.
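One way the User registration requirements above could be met, as an added sketch that is not part of the original posting: a one-time invite token stored only as a hash, valid for 12 hours, redeemed together with the password policy check. The in-memory store, the function names and the choice of four character groups (lower, upper, digit, symbol) are assumptions.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

INVITE_TTL = timedelta(hours=12)   # link lifetime from the spec
MIN_LENGTH = 8                     # minimum password length from the spec
MIN_GROUPS = 3                     # character groups required by the spec

# Hypothetical in-memory store: sha256(token) -> invite record.
# A real portal would keep this in its database; only the hash is stored,
# so a leaked table does not yield usable registration links.
_invites = {}

def issue_invite(email, now):
    """Admin-initiated: return the raw token to embed in the emailed link."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _invites[digest] = {"email": email, "expires": now + INVITE_TTL, "used": False}
    return token

def password_ok(password):
    """Minimum length plus at least three of: lower, upper, digit, symbol
    (the four groups are an assumption; the spec only says '3 character groups')."""
    groups = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) >= MIN_LENGTH and sum(groups) >= MIN_GROUPS

def redeem_invite(token, password, now):
    """Return the invited email on success, None on any failure."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    invite = _invites.get(digest)
    if invite is None or invite["used"] or now > invite["expires"]:
        return None            # same answer for unknown, used and expired links
    if not password_ok(password):
        return None            # token stays valid so the user can retry
    invite["used"] = True      # one-time: burn the token before creating the account
    return invite["email"]

if __name__ == "__main__":
    t0 = datetime.now(timezone.utc)
    link_token = issue_invite("new.user@example.test", t0)  # constructed sample address
    print(redeem_invite(link_token, "Str0ngpass", t0 + timedelta(hours=1)))
```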
Projects Completed
7
Freelancers worked with
5
Projects awarded
78%
Last project
7 May 2024
United Kingdom