Well, I'll throw out my scenario, then I'll ask my question. I have a form, a pretty decent-sized form, that potential customers will be filling out. It is a financing form, so there is a lot of touchy information being sent. I have a plain old HTML page that has this form and sends the form data to itself for PHP to handle, and that's all it really needs to be. I was planning on having it submit the data straight to our sales team's email account, but an alternative was saving it in a database (hosted by GoDaddy, so it's pretty secure).

My question is, what steps can I take to secure this data? I was looking into stuff like SSL and encryption and all that jib jab, but don't understand it much. Since it's a pretty simple concept (securely saving the form data), I'm guessing the answer shouldn't be too hard. Is there much modification to my code that I have to do? Thanks to anybody that can point me in the right direction!
Any details of that nature should be sent via an SSL connection; there really isn't another justifiable alternative when it comes to financial information. I recommend you just set up an SSL cert and enforce the page to be sent via SSL.

Dan
That's kind of what I was leaning towards, thanks for the reassurance. Here is another question:

option a) email data directly to an email address
option b) store data on a server for the sales team to access

Now, not worrying about the fact that if they delete their email they lose the data, but just focusing on security, which would you prefer? Does one or the other not really require an SSL cert? I'm not too good with this cert stuff just yet. Thanks for the help!
No, they both do. I would recommend option b). Less chance of something going wrong; just make sure you escape/validate the data properly. If you don't, you may as well not have bothered in the first place. (Not hard, just emphasising the point.)

Dan
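The following is an added example, not code from either poster: a sketch of option b) in PHP that refuses to process the form over plain HTTP, validates each field, and stores the row with a prepared statement. The field names, the `applications` table, `SITE_HOST` and the in-memory SQLite DSN are all assumptions; a hosted MySQL DSN would replace the SQLite one.

```php
<?php
declare(strict_types=1);

const SITE_HOST = 'www.example.com'; // placeholder host name (assumption)

// True only when the request arrived over TLS.
function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off';
}

// Validate the submitted fields (hypothetical names); returns [clean values, failed field names].
function validate_application(array $post): array
{
    $errors = [];
    $name = trim((string) ($post['full_name'] ?? ''));
    if ($name === '' || strlen($name) > 100) { $errors[] = 'full_name'; }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'email'; }
    $income = filter_var($post['annual_income'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 100000000]]);
    if ($income === false) { $errors[] = 'annual_income'; }
    return [[':full_name' => $name, ':email' => $email, ':annual_income' => $income], $errors];
}

// Prepared statement: values are bound as data and never concatenated into the SQL text.
function save_application(PDO $db, array $clean): void
{
    $stmt = $db->prepare('INSERT INTO applications (full_name, email, annual_income)
                          VALUES (:full_name, :email, :annual_income)');
    $stmt->execute($clean);
}

// On the web server, never handle the form over plain HTTP: redirect and stop.
if (PHP_SAPI !== 'cli' && !is_https($_SERVER)) {
    header('Location: https://' . SITE_HOST . ($_SERVER['REQUEST_URI'] ?? '/'), true, 301);
    exit;
}

// From the command line a constructed sample submission is used; the real page reads $_POST.
$input = PHP_SAPI === 'cli'
    ? ['full_name' => "Pat O'Neil", 'email' => 'pat@example.com', 'annual_income' => '52000']
    : $_POST;
$db = new PDO('sqlite::memory:'); // assumption: stands in for the hosted database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (full_name TEXT, email TEXT, annual_income INTEGER)');
[$clean, $errors] = validate_application($input);
if ($errors) {
    http_response_code(400);
    echo 'Invalid fields: ' . htmlspecialchars(implode(', ', $errors)) . "\n";
} else {
    save_application($db, $clean);
    echo "Saved\n";
}
```

The apostrophe in the sample name is stored intact because the value is bound as a parameter, which is the "escape" half of the advice; `htmlspecialchars` covers the same concern when values are echoed back into HTML.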
After talking to tech support, I learned that you can't transfer the domain of an SSL cert, so I am waiting until we convert to the .com from the .org we are using for dev. Is it hard to implement SSL into a pre-existing system like that? It's a pretty simple script.