Question
If it is possible, how can I securely pull data from individual rows in an external datasource (e.g. CSV, FeatureService) in a public, browser-accessed survey without exposing the entire external datasource?
Context
I work for a large school district and we have been attempting to design a survey using Survey123 Connect for handling requests for transfers. We need this survey to be publicly accessible and accessed using a web browser only.
Because we are dealing with student information, security is a huge priority. In our survey, we have setup a series of questions for parents to validate that they are making a request for their student without exposing all of our student info dataset. This involves matching the inputted unique student ID number, the house number, and birthdate against data accessed from a CSV of student information using largely dependent on the pulldata function for calculations.
As a proof of concept for validating the student's information, this all worked very well. However, we have not been able to find a way using Survey123 to prevent the entire student data CSV used for validation from being fully exposed when accessing the survey from the browser. Examining the network traffic, it appears that when loading the survey, the full validation CSV is transferred to the client. By simply copying the URL for the network request for that CSV I was able to download the file in its entirety. That won't work for us. I had also looked into uploading the validation CSV to AGOL and accessing it as linked content, but this is also unacceptable because the CSV must be shared publicly to be used in a public survey and there is no way to disable downloading. I suppose this makes sense if the accessing the survey requires a full download of the CSV, but it also means, again, that all the student information would be exposed to the public.
Closing thoughts
Ideally the survey would have access to the student information on a server (e.g. AGOL) without the survey-taker being able to access all the student data indiscriminately. I suspect that what I'm asking for is outside what Survey123 can provide as pulldata seems to depend on client-side querying of a data source. I think in writing this up I'm realizing we'll likely need to develop this survey using a server-side scripting language like PHP. That said, if anyone has any ideas on how to better secure a CSV access via the pulldata function in Survey123 in the browser, I'm all ears!
