Our focus has been on making `homoeopim' work and the issue of
users' privacy and confidentiality has not been worked on to the
extent desirable. The forms use the `post' method and so, provided you
use `https://' and not `http://', your passwords are safe from other
users. However, everything is stored without encryption inside the
database tables. This means that the administrator can, as of now, read
the passwords and also the symptoms entered by the users, which may be
embarrassing and constitute a violation of privacy. Resolving this will
need rather invasive changes to the code and the use of some JavaScript,
which will increase the size of the downloads, and a serious reallocation
of our resources. For now, I would request you to trust us.
If you install the software on your own machine, which is
what we really intend to enable, this issue will be of less concern to you.
We will make a virtual machine with everything already installed available
for download, and also the full source code, for updating the system
periodically and for those who may intend to install from scratch. This
will come as soon as the first version is ready - you are looking at a
sneak peek, remember?

The SQL query form uses a user-id separate from the owner of the
database, with very restricted permissions. You can't access the details
of the user entries through it, so users are protected from each other!
If you are paranoid, you can delete the symptoms before you log out, but
in that case you have to enter the same symptoms again and again.
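
The password half of the storage issue described above can be handled on the server alone. The following is an added example, not code from homoeopim: it converts a table of plaintext passwords to salted scrypt records that the administrator cannot read back, and checks logins against them. The `users' table, its column names, the use of SQLite and the scrypt parameters are all assumptions made for the example; it does not cover the stored symptoms, which must be read back and so cannot be hashed.

```python
import hashlib
import hmac
import os
import sqlite3

# scrypt cost parameters: assumed values for this example, tune for your server.
N, R, P = 2**14, 8, 1


def hash_password(password):
    """Return a self-describing record: scheme$N$r$p$salt$derived_key."""
    salt = os.urandom(16)  # fresh salt per password
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return "scrypt$%d$%d$%d$%s$%s" % (N, R, P, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute the key from the stored parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, dk_hex = stored.split("$")
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, OverflowError):  # malformed record or invalid parameters
        return False
    return scheme == "scrypt" and hmac.compare_digest(dk, expected)


def migrate_plaintext(conn):
    """Hash every row still holding a plaintext password; return the count.
    Rows are recognised by the missing 'scrypt$' prefix."""
    rows = conn.execute(
        "SELECT id, password FROM users WHERE password NOT LIKE 'scrypt$%'").fetchall()
    for uid, plaintext in rows:
        conn.execute("UPDATE users SET password = ? WHERE id = ?",
                     (hash_password(plaintext), uid))
    conn.commit()
    return len(rows)


def login(conn, name, password):
    row = conn.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None and verify_password(password, row[0])


def demo_db():
    """Constructed sample data (hypothetical schema) with plaintext passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn
```

Running `migrate_plaintext' a second time changes nothing, so it is safe to repeat after an interrupted run.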