How can one hide scanned barcode numbers in the KoBoCollect app for security reasons?

Hello All.

I wanted to know if there is a means of hiding a scanned barcode number, so that unauthorised persons don't have access to the field data forms I have designed for data collection.

The barcode, when scanned, will show a custom message instead of "barcode: 10000" or "2000" etc., and instead bring up the message “Success” if validation is successful…

Please, Mod, how can I handle this?
Thank you

So you mean when someone scans a barcode or a qr-code the code should not display, instead it should only display some custom message like success or something else?

Yes, that should be the logic.

I don't want a situation where, after the field data collection, I would have to regenerate those barcode characters.

The workflow is that I will give out the barcode or QR code with hidden characters… field enumerators will return the barcodes assigned to them after the exercise…

Please, how can you help me with this…

This feature at the moment is not available with the system. However, I am pinging @Xiphware and @martijnr. Maybe they should also be able to add to the discussion.

I will be glad if there is a workaround to this challenge.

I don't want enumerators to have a copy of the barcode characters saved as records on their smartphones. They might re-use it and it might cause a compromise of data integrity.

It saves me the task of reproducing the barcode or QR code again and again…

I want just a "handshake" of barcode scanning once between me and the field data staff. The enumerator could then verify and proceed to capture respondents…

I would love to hear from you again…

1 Like

I would probably re-think this approach as a security mechanism. Barcodes may be a visually meaningless jumble of dots, but there is no actual implicit encryption in a barcode/QR code, and there is an abundance of readily available free mobile apps that can scan them and return the number/URL/data they contain. So even if you recompiled the KoBoCollect app not to display it, they could quite easily copy the raw data by other means if they chose to.

Yeah, it is for a security measure. Re-compiling it to achieve this purpose will save a lot of the security vulnerabilities barcodes or QR codes pose.
To prevent individuals or unauthorised persons from having the characters or URL in the barcode saved on their phones, in my earlier post I explicitly stated that the barcode could be scanned once before the enumerator proceeds to the field, as a security measure to prevent the recycling of these barcodes. Once there is a proper "handshake" between me and the field data staff, it is pointless releasing the barcodes for them to work on for the exercise… maybe in that way it will prevent them from using other sources or various barcode scanners to decode the contents of the barcodes.

A scenario where school subject teachers are requested to send their reports via the KoBoCollect app. This is a student academic report. A sensitive report! This argument brings to bear the need to hide whatever URL/numbers are sent to these teachers… one can just ask them to scan the barcode and proceed to send their report without having to issue the barcode to them…

Thank you for your response.

Hi @chiabotu, would it be feasible for you to first encrypt the data contained in the barcode/QR code so that a private key or password is necessary to decrypt the data? There are many ways you can do this. Here’s an example:

  1. Create a file with some data:
     echo "Hello world" > data.txt
  2. Encrypt the file however you want:
     gpg --symmetric data.txt
  3. Create a QR code or barcode with that data:
     qrencode -r data.txt.gpg -l h -d 700 -o qr.png

Result: [QR code image]

If I then scan the code I just see a jumbled mess:

爫“2…]:Œ
       ãÒIÍ£/ç¼_-WÒ¶Wˆâå°ÀÑàÚ|0J{¾Œ1l”6&U¾«K§æk±|xÀ4lKeÁ
®óëÓmÄ).Vì
»Ð£´

Additionally, you could encode the encrypted data in base64 or something else so it’s easier to handle for other tasks:

cat data.txt.gpg | base64 | qrencode -l h -d 700 -o qr.png

Resulting data looks like this:

w6/CqcKJwpMywoVdOsKMCiAgICAgICDDo8OSScONwqMvw6fCvF8tV8OSwrZXwojDosOlwrDDgMORw6B/w5p8MEp7wr7CjDFswpQ2JlXCvsKrS8Knw6ZrwrF8eMOANGxLZcOBCsKuw7PDq8OTbcOEKS5Ww6wKwrvDkMKjwrQ=
2 Likes

Thank you.
How do I carry out validation with this technique on KoBoToolbox,
so that wrong users don’t have access to the form?

In my project, should I use .<= “Hello world” as my validation code?
@Josh, this is the challenge!
Thank you once again for your prompt response.

Hi @chiabotu, it depends on how you are building your form, but you would use the encrypted output for validation, not the actual value. Something like:

. = 'w6/CqcKJwpMywoVdOsKMCiAgICAgICDDo8OSScONwqMvw6fCvF8tV8OSwrZXwojDosOlwrDDgMORw6B/w5p8MEp7wr7CjDFswpQ2JlXCvsKrS8Knw6ZrwrF8eMOANGxLZcOBCsKuw7PDq8OTbcOEKS5Ww6wKwrvDkMKjwrQ='

However if you are wanting to prevent “wrong users”, you should perhaps assign specific permissions to individuals: Managing Permissions — KoBoToolbox documentation

1 Like
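
The steps from the two replies above, combined into one non-interactive script. This is an added example, not code posted in the thread; the function names and file arguments are assumptions. It keeps the base64 on a single line so that the scanned text can equal the constant used in the form constraint.

```shell
#!/bin/sh
# Added example: payload_b64, xlsform_constraint and make_token_qr are
# hypothetical names, not part of gpg, qrencode or KoBoToolbox.

# Base64-encode a file as ONE line. GNU base64 wraps at 76 columns by default,
# and a wrapped value would never equal a single-line constant in the form.
payload_b64() {
    base64 < "$1" | tr -d '\n'
}

# Build the XLSForm constraint that compares the scanned value to the payload.
xlsform_constraint() {
    printf ". = '%s'\n" "$1"
}

# Encrypt, encode, draw the QR code and print the matching constraint.
# $1 = plaintext file, $2 = file holding the passphrase, $3 = output PNG
make_token_qr() {
    enc="$1.gpg"
    # --batch with loopback pinentry reads the passphrase from a file, no prompt.
    gpg --batch --yes --pinentry-mode loopback --passphrase-file "$2" \
        --output "$enc" --symmetric "$1" || return 1
    b64=$(payload_b64 "$enc")
    # printf '%s' adds no trailing newline, so the scanned text is exactly $b64.
    printf '%s' "$b64" | qrencode -l H -d 700 -o "$3" || return 1
    xlsform_constraint "$b64"
}

# Usage: sh make_token_qr.sh data.txt passphrase.txt qr.png
if [ "$#" -eq 3 ]; then
    make_token_qr "$@"
fi
```

gpg's symmetric mode uses a fresh random salt on every run, so encrypting the same file twice gives different strings; take the constraint from the same run that produced the QR code.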