?
Solved

Form Post Method Encryption

Posted on 2005-05-03
5
Medium Priority
?
354 Views
Last Modified: 2008-02-01
I have an online job application that I'm told needs to be encrypted even though I'm using the POST method, rather than GET.  We do not support SSL, and I need to ensure that the transmission of this information is secure.  Once the form is submitted, the information is stored in a database, and uses the replace function to create an HTML formatted email to send to recipient.  

How can I encrypt this transmission of data and still allow my replace function to format the email correctly in HTML?
0
Comment
Question by:johnson00
  • 2
  • 2
5 Comments
 
LVL 10

Expert Comment

by:lengreen
ID: 13919426
Hi johnson00,

There is no simple reliable secure way other than SSL, even if you wrote a javascript algorithm the source would be available for all to see

Cheers!
0
 
LVL 2

Author Comment

by:johnson00
ID: 13919446
So this isn't possible by forcing RC4 encryption?  Any other opinions on the topic out there?
0
 
LVL 4

Expert Comment

by:Fuzzyfish1000
ID: 13919514
If you want to be really secure, and not use ssl, as far as I see, you've only got two real options - ActiveX or Java.

Of the two, I'd recommend Java, as you won't have to request authentication from the user. A simple applet should do it - an embedded input box, with built in encryption. A serious hacker might download the java class file and de-compile it, but it would be a lot of hard work. Again, I reckon you've got two options - build the entire form as an applet, or build a Java applet to read the form inputs, encrypt the data, and transmit. I think I'd probably do the latter, and make the applet look like a submit button...

There's quite a lot of issue to consider - and maybe the one to look at is why SSL isn't an option. If the data is really that critical, then it should be. It's proven, it works, and it's the best option out there at present. If it's only semi-critical, then my solution will do it.
0
 
LVL 2

Author Comment

by:johnson00
ID: 13919529
Yes, the data is critical and could cost the business some hefty fines if the security is compromised.  What is the process for purchasing, installing, and working with an SSL certificate?
0
 
LVL 10

Accepted Solution

by:
lengreen earned 1500 total points
ID: 13919623
johnson00,

take a look at www.verisign.com or www.thwate.com the process is reasonably straight forward depending on your server (I use IIS, not too sure about linux boxes) you need a cert per domain, there are some issues to be aware of especially when using cookies & sessions but nothing that serious

cheers

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :) To start, I want to make sure everyone understands the importance of utilizing p…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Integration Management Part 2
Suggested Courses
Course of the Month16 days, 14 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question