Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all,
Vanilla are planning an update to the site on April 24th (next Wednesday). It is a major PHP8 update which is expected to boost performance across the site. The site will be down from 7pm and it is expected to take about an hour to complete. We appreciate your patience during the update.
Thanks all.

Necessary security features for small database

  • 08-01-2019 7:44pm
    #1
    two wheels good
    Registered Users Posts: 1,996 ✭✭✭


    Hello,
    I'm a member of a voluntary social club that is setting-up a new members' database which includes members' bank account details - necessary for the payment of expenses.

    I've been wondering about what security precautions are being taken especially with the bank data. I want to make a constructive enquiry without offending the volunteers doing the work or adding to their work-load unnecessrily.

    My questions are:
    - What minimum security precautions should I expect be taken.
    - Should all data be encrypted or just banking account details?
    - Should the banking data a be hived-off to the Treasurer's private computer or is it safer on the hosting company server along with the website.
    I realise that setting-up user permissions and restricting port access is relevant too but don't feel entitled/competent to get into that level of detail.

    Some extra info.
    The database is for admin purposes primarily. Typically (some) committee members will need full access. The wider club population will have minimal access I think. I don't expect any user update facilities will be provided.
    I'm not involved with the development. I don't know what technologies are used.

    Thanks


Comments

  • #2
    rd1izb7lvpuksx
    Closed Accounts Posts: 260 ✭✭rd1izb7lvpuksx


    Basically, you'll be subject to all the security and privacy requirements that an economic enterprise is, so you'll have to encrypt everything, have privacy and retention policies, have access control and logging, all the stuff a business would have to do.

    I wonder if there's a provider who can sell you this as a service, rather than doing it yourself. I was involved in a sports club who doing this kind of thing and had to resign as they refused to take it seriously.


  • #3
    two wheels good
    Registered Users Posts: 1,996 ✭✭✭two wheels good


    Thanks for your response. I'm not involved myself with the developement of the dbase.
    I agree that paying a professional would be worth considering but I suspect it will be developed by another member.
    Hopefully my concerns are unfounded but I feel I'll have to ask a few questions and try to get some reassurance.


Advertisement