Form Post Method Encryption

I have an online job application that I'm told needs to be encrypted even though I'm using the POST method, rather than GET.  We do not support SSL, and I need to ensure that the transmission of this information is secure.  Once the form is submitted, the information is stored in a database, and uses the replace function to create an HTML formatted email to send to recipient.  

How can I encrypt this transmission of data and still allow my replace function to format the email correctly in HTML?
LVL 2
johnson00Asked:
Who is Participating?
 
lengreenCommented:
johnson00,

take a look at www.verisign.com or www.thwate.com the process is reasonably straight forward depending on your server (I use IIS, not too sure about linux boxes) you need a cert per domain, there are some issues to be aware of especially when using cookies & sessions but nothing that serious

cheers

0
 
lengreenCommented:
Hi johnson00,

There is no simple reliable secure way other than SSL, even if you wrote a javascript algorithm the source would be available for all to see

Cheers!
0
 
johnson00Author Commented:
So this isn't possible by forcing RC4 encryption?  Any other opinions on the topic out there?
0
 
Fuzzyfish1000Commented:
If you want to be really secure, and not use ssl, as far as I see, you've only got two real options - ActiveX or Java.

Of the two, I'd recommend Java, as you won't have to request authentication from the user. A simple applet should do it - an embedded input box, with built in encryption. A serious hacker might download the java class file and de-compile it, but it would be a lot of hard work. Again, I reckon you've got two options - build the entire form as an applet, or build a Java applet to read the form inputs, encrypt the data, and transmit. I think I'd probably do the latter, and make the applet look like a submit button...

There's quite a lot of issue to consider - and maybe the one to look at is why SSL isn't an option. If the data is really that critical, then it should be. It's proven, it works, and it's the best option out there at present. If it's only semi-critical, then my solution will do it.
0
 
johnson00Author Commented:
Yes, the data is critical and could cost the business some hefty fines if the security is compromised.  What is the process for purchasing, installing, and working with an SSL certificate?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.