Help with Security Assist

Dear Support Team,
Have some questions regarding Security Assist.
1) Can I customize the Registration form generated by Security Assist such that I can include a field that contain Security Challenge Questions that must be answered by user, and the answer stored in the database? If it is possible, can you please help with the steps to accomplish that?
2) Can I customer the Email Password page generated by Security Assist to include the same Security Challenge Question field as above such that each time a user wants to retrieve the password, the user must give a matched answer to the security question stored in the database before the password can be send to the user? If it is possible, how can I do that?

3) How can I customize the login Page such that each user can login and be able to view only information belonging to the user for instance, read email, view grades, etc? Do I need to include a special column in the database to retrieve the information?

I will appreciate if you can help me with all those questions
Kebei

1) yes, this can be done, we dont have concrete steps to accomplish this, but if you have an understanding of databases, it should not be to difficult.

You would create a table that had a list of the available security questions. the table should contain an ID column and text column. The text column will be the text of the question.

On the registration page, crate a recordset to return all of the available security questions. Create a select list, make it dynamic to pull the labels from the text column of the recordset and set the value to the ID column of the recordset.

You will also need to add a text field for the user to type their answer.

On the users table, create 2 new columns. the first will be a foreign key relation to the ID column of the questions table the secon will be a text column to hold the answer.

In the Insert record server behavior, set the Foreign key column to get the value from the question select list. Set the answer column to get the value from the answer text field.


2) For this, you can no longer use the Security Assist email Password server behavior.

On the email password page, you need to add a recordset to return all the questions from the question table. A select list that is dynamically populated with the questions recordset, the label is the text column, the value is the ID column. And add a text box for the answer.

You then need to create a lookup recordset to query the users table. Filter the email column on the email form element, the question column on the Question select list and the answer column on the answer text box.

UseUniversal Email to send the email. Set the trigger to the lookup recordset NOT empty. For the To address use the email column from the lookup recordset.


3) security assist does this already. When a user logs in, a session variable is created that contains the ID value from the users table. This ID value is used to filter the records to return records that belong to them. take a look at how the recordset on the profile page is created.


if you are going to store information unique to the user in other tables, just make sure there is a column in the table to create a foreign key relation to the user, and store the session variable value in that column.