framework : zero 12.1
Hi we are implementing a survey like function but it needs to support known and anonymous users. The feature in our solution should email an anonymous encrypted link to "other" users. This link should allow limited access to our solution (e.g. only the survey page) and expire after a system limit.
Does multi tenant zero support this configuration? Can you give us guidance on how to approach this.
ok - I know it's not implemented out of the box - the heart of the question is really how to properly design anonymous access to a form in our solution. For example, could would generate some unique id that we embed in the login link (as a parameter) that we publish to the client. When the client clicks the link, they are routed automatically to a closed garden where they can only fill the form and submit data. Of course we can maintain internal tables tying that link to the email target with some extra metadata such as expiration parameters ... Does that seem like a sound solution/approach to you? That may of course be vulnerable to dos attacks though, so security is a concern.
For example, could would generate some unique id that we embed in the login link (as a parameter) that we publish to the client.
Yes, I think this is a good approach but you don't have to login the user because in that case, you need to create a new user or use an existing user created for this purpose.
By the way, after creating a unique id, you can encrypt it with
SimpleStringCipherclass and then decrypt it on the page you want to validate it.