In this article
To prevent link tampering, we suggest using the built in MD5 Hash feature. MD5 is an encrypted code based on the survey id, identifier, and a custom text that is added as an extra parameter to the end of the survey access URL. If respondents try and change any information in the link it will become invalid and not allow them access into the survey. They will see the "Invalid survey invitation" system info page.
MD5 is only used to make the survey access URLs more secure. If you are interested in data encryption you may want to consider purchasing an SSL license, which your account manager can assist you with.
Example link containing MD5:
http://www.serverdomain.com/installa...dd17aee4f0baaf
1: MD5 Hash For Panel Projects
When using Panel Management to send invites, MD5 must be configured in both the survey settings AND the project settings. The md5 hash code must be the same for both.
When "MD5 Algorithm" is selected you will notice that "&hash=[hash]" automatically gets appended to the Survey URL. Do not remove or modify this added parameter.
You may notice that SHA-1 is also listed as an option under Use hash verification. SHA-1 is a similar type of hash security that is not built into Kinesis Survey. This may be used if your panel is linked to a non-Panel Management survey install that is compatible with SHA-1.
2: MD5 Hash for Exit Links
Termination links can be secured from tampering by using the hash verification setting. Choose the hash algorithm you would like to use. The survey application must have support for adding the hash verification at the end of the termination URLs. This is not automatically built-in to Kinesis Survey, but can be generated with computational logic.
2.1: MD5 Hash Exit Links in Panel
This feature is applied by choosing "MD5 Algorithm" from the provided pulldown within the Rewards and termination links section of the project details (see screenshot below).
Notice that this will automatically update the termination URLs to append "&hash=[hash]".
2.2: MD5 Hash Exit Links in Survey
The MD5 hash code for exit links is generated based on the following parameters:
"sesskey=" + [sesskey] + "&status=" + [status] + [hash salt]
The elements in brackets above must pipe in the corresponding values based upon the current session. The "hash salt" should be the same one used for incoming links setup in previous sections. You will need three separate hidden computational questions for generating each unique status hash code. All will use the template logic below, with the "&status=1" text updated accordingly. Example computational logic, which only accounts for a Completed URL:
# Secret Hash salt (as specified in the project properties in Kinesis Panel) $USER_salt = "HaShCoDe^123"; # Builds URI string from session key and status value $USER_uri = "sesskey=".$IN_sesskey."&status=1"; # Calculates MD5 hash based on concatenated Salt and URI $USER_md5 = md5($USER_uri.$USER_salt); # Returns MD5 hash return $USER_md5;
The hash code generated in this computational question can then be passed into the survey exit link URL by referencing the question label.
Example Completed URL:http://web5.kinesissurvey.com/suppor...&hash=[Qhash1]