Well I'll throw out my scenario, then I'll ask my question. I have a form, pretty decent size form, that potential customers will be filling out. It is a financing form so there is a lot of touchy information being sent. I have a plain old .html page that has this form, and thats all it really needs to be. I was planning on having it submit the data straight to our sales team's email account, but an alternative was saving it on a database (hosted by godaddy, so its pretty secure). My question is, what steps can I take to secure this data? I was looking into stuff like SSL and encryption and all that jib jab, but don't understand it much. Since its a pretty simple concept, (securely saving the form data), im guessing the answer shouldnt be too hard. Thanks to anybody that can point me in the right direction!
So I'm looking at SSL certs and that is probably the way im going to go. Now, here are my noobie questions. 1) Is it just "applied" to the domain, allowing for https: links? 2) It is only 1 page that I need to use this on, http://www.myDomain.com/form.php , so, would I just link to it using https:// and thats all I need to do to keep the connection safe? 3) The file collects the data from a form, and sends it via the mail() function. Its a pretty basic script, so I dont think there is anything i need todo to that. any tips / tricks / help is greatly appreciated!
When you send data over the internet, it can be read via sniffing packets, or even an unsecured wifi connection. Using SSL provides a good level of encryption so no one can read the information while its in transit. Sending the data to an email address isn't a very good choice if you want to keep the data secure, even if the form is using SSL. Keep it in a database, encrypt it if you can, but always use a strong and unique password for that DB and everything close to that database.