Welcome to WebmasterWorld Guest from 107.20.54.98

Forum Moderators: incrediBILL

Message Too Old, No Replies

quick form question / encryption

     
5:57 pm on Jun 19, 2012 (gmt 0)

New User

10+ Year Member

joined:Sept 14, 2003
posts: 5
votes: 0


I'm sure this is an easy one. I have an online applications that asks for SSN. I do have it piped through an SSL for encryption BUT i get the results of the form, including SSN, in my outlook inbox via NMS FormMail. I am careful, but if I reply to that email, I'm inadvertantly sending BACK her SSN to her via UNencrypted connection. Is this safe as long as I don't "reply" to the email or should I be working harder to get a better method of collecting SSNs?

thanks to all.
6:04 pm on June 19, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 17, 2005
posts: 4966
votes: 10


If you are emailing the information (even from the server to yourself), it is probably being transmitted as clear text and unencrypted. A more secure approach would be to email notification to you, but without the actual form data, and require that you then connect to the server via SSL to see the actual data.
7:45 pm on June 19, 2012 (gmt 0)

New User

10+ Year Member

joined:Sept 14, 2003
posts: 5
votes: 0


Hmmm... i like that. so I'd need a database
Now I AM using an SSL (i.e. <form method="post" action="https://hostedge.net/~sangel/cgi-bin/TheThing.pl">
<input type="hidden" name="recipient" value="manager@sangelproperties.com" />

wouldn't that take care of the encryption btwn the server and I?
7:56 pm on June 19, 2012 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 17, 2005
posts: 4966
votes: 10


That SSL would take care of the encryption between the end user and the server, but not between the server and you (if it's emailing you the data).

Yes, you would need a database, as well as some way to get the data securely from the database.