We have a demo site that we have built for potential customers to view our software product via our website.
Currently, the workflow entails the user going to our site at [url removed, login to view] and completing a form that asks just a few quick questions. The information is passed directly to our CRM software ([url removed, login to view]) and that product automatically sends a custom-HTML (created in Dreamweaver) message that contains the user name and the password to access the demo center. The user name and password are being controlled currently with IIS Password, which is running on our web server.
The Problem with the Current Scenario:
We are fearful that our competitors want to see the demo more than a real prospect. A few of them are crooked enough that they will have their customers get access to the demo to learn the user name and password, then tell the competitor the credentials to access the demo. The prospective customer currently can see the web page location and the link that gets sent to them currently shows the location of the demo center.
We know that there is probably no way to truly block someone who wants to work around these safeguards, but our goal is to make it as tough as possible to do this when we are really trying to provide a good service to potential buyers.
Our Desired Solution (or please suggest alternatives):
1.) Have a form that collects the customer's information (as we're doing now, but the form may be substituted if need be).
2.) Send an email to the prospect, but include a link to join the demo with the user name and password hidden and pass that along to the web site for user authentication. This would not allow the user to just tell someone via the phone the path to the demo and the user name/password. The only alternative would be to forward the email message. When an email containing the link to the demo is accessed, we would like to be CC'd on the message so we know someone is interested in our product.
3.) On the web page that contains the demo (currently HTML pages), we want to hide the status bars and the address bars. We tried using a small tool called HTML Protector and HTML Guardian, but they both struggled with hiding the address bar in Internet Explorer 7. They did a fine job on Firefox and IE 6. Essentially, we don't want the user to be able to figure out exactly where they are and the reason we headed towards these tools was they prevented a right-click and could control a few things, but seemed to fall short.
4.) If possible, we would like a log created of the times the prospect accessed the demo so that we know they are very interested.
Any ideas you have to further secure this material from unauthorized users are welcome!
Overview of the Server Environment:
Operating System: Windows 2003 Server
Databases: SQL 2005 and MySQL are both installed
Server Languages: PHP and ColdFusion are both installed
We control our own server and have it installed at a co-located facility. We are not on a shared server like on GoDaddy.
You're welcome to try the existing process to see the loopholes at [url removed, login to view]
We are looking to get this resolved by early next week and cannot afford any delays. If you are not experienced in this and do not have a clear understanding of how you can implement the solution, please do not apply.
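One way to build the emailed link from item 2 and the access log from item 4, shown as an added example that is not part of the original posting: each prospect gets their own signed, expiring token instead of a shared user name and password. It is written in PHP because the posting lists PHP on the server; the secret, URL, log path and prospect ID are placeholders.

```php
<?php
// Added example. DEMO_SECRET, the URL, the log path and the prospect ID
// are placeholders (assumptions), not values from the posting.
const DEMO_SECRET = 'replace-with-a-long-random-value-stored-outside-the-web-root';

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Called when the form is submitted: returns the link to put in the email.
function make_demo_link(string $prospectId, int $ttlSeconds, int $now): string {
    $payload = b64url(json_encode(['p' => $prospectId, 'exp' => $now + $ttlSeconds]));
    $sig = b64url(hash_hmac('sha256', $payload, DEMO_SECRET, true));
    return 'https://demo.example.com/enter.php?t=' . $payload . '.' . $sig;
}

// Called by enter.php: returns the prospect ID, or null if the token is
// malformed, tampered with, or expired. Every accepted visit is logged.
function check_demo_token(string $token, int $now, string $logFile): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, DEMO_SECRET, true));
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return null;
    }
    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || !isset($claims['p'], $claims['exp']) || $now > (int) $claims['exp']) {
        return null;
    }
    $entry = ['time' => gmdate('c', $now), 'prospect' => $claims['p'],
              'ip' => $_SERVER['REMOTE_ADDR'] ?? '-'];
    file_put_contents($logFile, json_encode($entry) . "\n", FILE_APPEND | LOCK_EX);
    return (string) $claims['p'];
}

// Constructed usage: issue a 7-day link, then validate it as enter.php would.
$link  = make_demo_link('crm-lead-1042', 7 * 86400, time());
$token = substr($link, strpos($link, '?t=') + 3);
$who   = check_demo_token($token, time(), sys_get_temp_dir() . '/demo_access.log');
echo $link, "\n", $who ?? 'rejected', "\n";
```

On success, the entry page would set a session flag that every demo page requires, so the demo's location alone is not enough to get in. A forwarded email still works until the token expires, but each visit is logged against the prospect the link was issued to.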
6 freelancers are bidding on average $84 for this job
I have very profound experience in developing and delivering ColdFusion applications up to version 7 for eCommerce B2B, B2C and C2C platforms with full web security functionality and subscription services.