Web page security question.

Cringer · 01-15-2010, 06:53 PM

Ok, plain and simple is the only way to secure information put into a form by a website user is secure to have an SSL certificate set up? If the script for the form is doing nothing but emailing that info straight to one email is that still a big risk that the info could be snatched up by someone trying hard to get the info?

I do a website for a youth soccer association and they want a registration page for coaches to sign up for license courses. The requested info would include name, address, and driver's license number among other things so I need to make sure it is secure if we do it. The problem is I need to avoid extra costs/fees if possible that getting a SSL cert. and insuring we have a dedicated IP address would add.

Glengoyne · 01-15-2010, 07:14 PM

The cert is the typical way, but If you've got control of all of the elements site, server, both email hosts. You could send the email using ssl encryption between the two email servers. It is a bit kludgy, but it should work. Unfortunately, I have NO IDEA how to actually help you implement it.

Cringer · 01-15-2010, 07:22 PM

Eh, no that doesn't sound like it would work then. I will look into it though, thanks.

cartman · 01-15-2010, 07:40 PM

If you are looking for folks to enter data via the web page, then an SSL cert is the way to go. You might check with your web host, a lot of times one cert is included in the hosting package. If you do have to buy one, there are a ton of providers now, and for what you are looking to do, the cheapest one will work.

One option to think about is instead of the form emailing to someone each time, have it write to a file on the server, and grabbing that file via a secure method each time. The emailing of the data would be a potential security breach if it is caught in transit.

Cringer · 01-15-2010, 07:46 PM

The hosting doesn't include one, the host sells them though. What I am trying to avoid is too much in expense. It wouldn't be used but a few times a year probably. Oour hosting is free with this host because it is for a non-profit. So basic package (which is a nice package but not when it comes to this). We would have to buy a cert plus a monthly fee of $4 for something I can't recall right now (I know not much but I am checking if there is something else they would require and trying to save every penny possible). I figured a cert was the only real option but since I don't know much in this area I wanted to check with you guys.

Tekneek · 01-15-2010, 07:52 PM

If the email is not encrypted in some form, then that will be insecure. Doesn't mean it is likely to be intercepted, but that it could be.

01-15-2010, 07:22 PM	#3
Cringer Grizzled Veteran Join Date: Oct 2000 Location: Edinburg,TX	Eh, no that doesn't sound like it would work then. I will look into it though, thanks. __________________ You Stole Fizzy Lifting drinks! You bumped into the ceiling which now has to be washed and steralized, so you get NOTHING! You lose!

01-15-2010, 07:40 PM	#4
cartman Death Herald Join Date: Nov 2000 Location: Le stelle la notte sono grandi e luminose nel cuore profondo del Texas	If you are looking for folks to enter data via the web page, then an SSL cert is the way to go. You might check with your web host, a lot of times one cert is included in the hosting package. If you do have to buy one, there are a ton of providers now, and for what you are looking to do, the cheapest one will work. One option to think about is instead of the form emailing to someone each time, have it write to a file on the server, and grabbing that file via a secure method each time. The emailing of the data would be a potential security breach if it is caught in transit. __________________ Thinkin' of a master plan 'Cuz ain't nuthin' but sweat inside my hand So I dig into my pocket, all my money is spent So I dig deeper but still comin' up with lint

01-15-2010, 07:46 PM	#5
Cringer Grizzled Veteran Join Date: Oct 2000 Location: Edinburg,TX	The hosting doesn't include one, the host sells them though. What I am trying to avoid is too much in expense. It wouldn't be used but a few times a year probably. Oour hosting is free with this host because it is for a non-profit. So basic package (which is a nice package but not when it comes to this). We would have to buy a cert plus a monthly fee of $4 for something I can't recall right now (I know not much but I am checking if there is something else they would require and trying to save every penny possible). I figured a cert was the only real option but since I don't know much in this area I wanted to check with you guys. __________________ You Stole Fizzy Lifting drinks! You bumped into the ceiling which now has to be washed and steralized, so you get NOTHING! You lose!

01-15-2010, 07:52 PM	#6
Tekneek Pro Rookie Join Date: Nov 2000 Location: USA	If the email is not encrypted in some form, then that will be insecure. Doesn't mean it is likely to be intercepted, but that it could be. Last edited by Tekneek : 01-15-2010 at 07:52 PM.

01-15-2010, 07:14 PM	#2
Glengoyne Grizzled Veteran Join Date: Sep 2003 Location: Fresno, CA	The cert is the typical way, but If you've got control of all of the elements site, server, both email hosts. You could send the email using ssl encryption between the two email servers. It is a bit kludgy, but it should work. Unfortunately, I have NO IDEA how to actually help you implement it.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)