| quick form question / encryption
|
hotwired
msg:4467302 | 5:57 pm on Jun 19, 2012 (gmt 0) |
I'm sure this is an easy one. I have an online applications that asks for SSN. I do have it piped through an SSL for encryption BUT i get the results of the form, including SSN, in my outlook inbox via NMS FormMail. I am careful, but if I reply to that email, I'm inadvertantly sending BACK her SSN to her via UNencrypted connection. Is this safe as long as I don't "reply" to the email or should I be working harder to get a better method of collecting SSNs?
thanks to all.
|
Fotiman
msg:4467303 | 6:04 pm on Jun 19, 2012 (gmt 0) |
If you are emailing the information (even from the server to yourself), it is probably being transmitted as clear text and unencrypted. A more secure approach would be to email notification to you, but without the actual form data, and require that you then connect to the server via SSL to see the actual data.
|
hotwired
msg:4467334 | 7:45 pm on Jun 19, 2012 (gmt 0) |
Hmmm... i like that. so I'd need a database
Now I AM using an SSL (i.e. <form method="post" action="https://hostedge.net/~sangel/cgi-bin/TheThing.pl">
<input type="hidden" name="recipient" value="manager@sangelproperties.com" />
wouldn't that take care of the encryption btwn the server and I?
|
Fotiman
msg:4467337 | 7:56 pm on Jun 19, 2012 (gmt 0) |
That SSL would take care of the encryption between the end user and the server, but not between the server and you (if it's emailing you the data).
Yes, you would need a database, as well as some way to get the data securely from the database.
|
|
|
