Msg#: 4030502 posted 12:09 am on Nov 24, 2009 (gmt 0)
I've never done forms before, and need to learn. I'm doing a website that has an extensive form for a loan application. I have all the parameters and such loaded into the form and now I need to figure out how to have these results emailed to the client.
The web hosting company is Network Solutions so I'm sure I have a CGI folder to work with in the hosting plan if that's what is needed.
Could somebody please point me in the right direction? Thanks a million!
Msg#: 4030502 posted 12:33 am on Nov 24, 2009 (gmt 0)
an extensive form for a loan application
Does the form contain any confidential or personally-identifying information? If so, then you cannot send it by email, as email is not encrypted. In fact, there may be legal implications for your client if you do choose this method.
If this is the case, then you will need to have the form displayed on an secure (https) page and possibly submit to a database which is accessible by the client via a secure connection.
Msg#: 4030502 posted 1:18 am on Nov 24, 2009 (gmt 0)
I consulted with a mortgage finance company a few years ago. They had an online form that was emailed with everything anyone could every want to know about a person, including income, SSN, DOB, address, employer - everything. They were sending the form wide open for interception.
Their attitude was "convenient like it is". I completed my initial consultation, made detailed recommendations, cashed the check, and refused to handle any of the work that they wanted done myself, or to consult further. It was clear that it wasn't an issue of 'not knowing' the risk. They didn't care. It was clearly a third-tier finance company and the more I looked at what they had, the more I wanted to finish up and get out.
there may be legal implications for your client if you do choose this method.
There may be legal implications for you as well.
There are probably some workable email encryption options, but I would second encylo's first thought that sending details to a secured database is probably the best option. It's going to need to be in a secured database at some point anywat. Might as well be programmed from the start.
Msg#: 4030502 posted 9:29 pm on Nov 24, 2009 (gmt 0)
I think it's much easier: encrypt the data using PGP or S/MIME on the server and mail it to them. Only the one who's public key was used can decrypt it, and even in the case of a server compromise: there's no database to be sucked dry anymore.