Forum Discussion
Encrypt Suspend Data?
Hi,
I'm working on a project that involves personal financial information. We don't save any of that information, but we also need to use scorm's suspend data function in case users need to leave and resume later and so this data is being held on the LMS's server (in our case, Moodle). I've been using javascript to encrypt the data that's being sent via suspend_data. The trick for me, is that I'm also performing calculations and need to occasionally unencrypt to perform the math and then display the results, and then encrypt when that's done. I've had some success, but it's been tricky knowing when to encrypt and unencrypt.
Has anyone here had any experience with any of this?
Thanks!
Jae
7 Replies
My question is, why would a training course require real financial data? Why can't the student just make stuff up for the purposes of a course?
Are you using Storyline for app development, not eLearning?Hi Carl, we're doing both. We're teaching folks in our community how to apply for affordable housing and so we've built an income assessment tool alongside it. At the end, it generates a PDF that has all the data they'll need to confidently apply.
The encryption part is really interesting. How are you managing SL serialising all its tracked variables into suspend_data on every slide change, not just on exit? So if the real income figures live in normal SL variables, they’re going to Moodle in plaintext on every navigation, no matter what your encrypt-on-exit code does.
yes, that's exactly right. that's why i'm reaching out to see if anyone has figured a way around this. my only other thought would be to encrypt the values before they reach the storyline variable using custom html and js and then decrypt using the same whenever i need it. but that's a mountain of work and i was hoping someone might have a more elegant thought? i appreciate any input here. and thanks for chiming in.
To keep sensitive values out of SL variables entirely you could hold them in a JS object and let just one SL text variable carry the encrypted blob. That way SL only ever saves ciphertext. When a slide needs to show a result, JS decrypts, calculates, and pushes only the final display text into a variable you clear on slide-exit. How do you manage your key? I assume you’ve ensured it isn’t hardcoded into the SCORM zip?
