Let me explain my situation a bit. I have a client who wants me to develop a means for her customers to sign up for a service on her site. Signing up for this service will require a 1, 2, or 3 year subscription agreement, with a fairly lengthy contract.
I have never had to do something quite like this before. I was thinking of including the terms of the contract, along with some sort of "I agree" confirmation at the bottom of the sign-up form. But that's not my main area of concern. What I'm wondering is how I would go about keeping a legally recognized (theoretically) record of this contract and agreement for each customer.
Should I hash the entire contract along with some customer information and store it in a database? If so, what customer information should I include? What hashing algorithm would be acceptable? I've read about md5 being compromised to some degree, and I've read about sha1 possibly being exploited as well. I want this to be as strong as possible, but sha1 seems the best available option to me right now.
I know users aren't supposed to give legal advice here, but I'd appreciate any opinions. And I know, as common as online contracts are, that others must have dealt with this. What is or has been your practice?
You need to run this issue past a lawyer, not a webmaster, and preferably one licensed in the controlling jurisdiction.
Webmaster-drafted contracts, without legal input, are little more than HTML and words.
Well, I realize discussing this with a lawyer would be ideal. But I'd still very much appreciate hearing from other Web professionals on this. With all the online contracts out there and all the Web developers around this place, I'm sure there are those here who have some experience implementing something along these lines.
I have a client who wants me to develop a means for her customers to sign up for a service on her site.
... legally recognized (theoretically) record of this contract and agreement for each customer.
...
What hashing algorithm would be acceptable? I've read about md5 being compromised to some degree...
Hi avant_garde,
I'm not sure I'm fully understanding your question; or maybe it's worth re-thinking it a bit.
There seem to be a couple of different issues that you're talking about here:
1) What sort of form is it appropriate to use, so that users consent to a binding legal contract when they complete it?
To me this isn't a question that you the developer should be trying to answer for your client - it's a legal issue, not a technology one.
2) What's a legally recognised way to store the fact that they've agreed to the contract?
3) How secure are various hashing algorithms?
What I'm not really clear on is how (3) helps with (2)...?
Perhaps it's me who's missing the point, but if what you need is an unchangeable record then something like a WORM drive, or certified hardcopy, might be more useful.
hth, a.
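An added illustration, not part of any post in this thread: a Python sketch of the "hash the contract plus customer information" idea from the opening question, showing why a digest stored beside the record does not by itself make the record unchangeable, while a keyed tag (HMAC) whose key lives outside the database does detect an edit. SHA-256, the field names, the key and the sample values are assumptions chosen for the example.

```python
import hashlib
import hmac
import json

# Constructed sample data; field names are hypothetical, not from the thread.
CONTRACT_TEXT = "Subscription agreement v1: the customer agrees to a 2 year term."
SERVER_KEY = b"constructed-demo-key-kept-outside-the-database"


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def make_record(customer_email: str, term_years: int, agreed_at: str) -> dict:
    """Build the row to store: what was agreed, by whom, when, plus two integrity tags."""
    record = {
        "contract_sha256": hashlib.sha256(CONTRACT_TEXT.encode("utf-8")).hexdigest(),
        "customer_email": customer_email,
        "term_years": term_years,
        "agreed_at": agreed_at,
    }
    body = canonical(record)
    return {
        **record,
        "plain_digest": hashlib.sha256(body).hexdigest(),
        "keyed_tag": hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest(),
    }


def _body(row: dict) -> bytes:
    # The tags cover every stored field except the tags themselves.
    return canonical({k: v for k, v in row.items() if k not in ("plain_digest", "keyed_tag")})


def plain_digest_ok(row: dict) -> bool:
    return hmac.compare_digest(row["plain_digest"], hashlib.sha256(_body(row)).hexdigest())


def keyed_tag_ok(row: dict, key: bytes = SERVER_KEY) -> bool:
    expected = hmac.new(key, _body(row), hashlib.sha256).hexdigest()
    return hmac.compare_digest(row["keyed_tag"], expected)


def edit_in_database(row: dict, **changes) -> dict:
    """Model an edit made with database access but no key: the plain digest is simply recomputed."""
    edited = {**row, **changes}
    edited["plain_digest"] = hashlib.sha256(_body(edited)).hexdigest()
    return edited
```

After `edit_in_database(row, term_years=3)`, `plain_digest_ok` still returns `True` while `keyed_tag_ok` returns `False`, which is the gap between a hash and an unchangeable record that the last reply points at.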