Link to home
Start Free TrialLog in
Avatar of run2004
run2004

asked on

Sensitive information in non secured environment.

Hello friends,

Can you please let me know how critical it is to collect the Social Security number in non secured environment. I mean collecting the SSN in a webpage that has a web address starting with http.

Is this OK to to have this approoach or there is any standard to be followed to protect the sensitive information.

Thanks!
Run2004
Avatar of kaerez
kaerez
Flag of Israel image

It is not recommended to accept such information over an unsecure connection.
It is recommended to use an https connection (which will encrypt the data
from the user to the server) and use a secure inaccessible database to store
the data - usually in encrypted form.

You can receive a free SSL certificate at www.cacert.org
Avatar of hiteshgupta1
hiteshgupta1

you should try to avoid non secure way to collect sensitive information
also when using SSL ,try to use best encryption method to make the data secured and if possible protect user information off-line too
It would not be recommended.

You should read through the privacy act.
http://www.usdoj.gov/04foia/privstat.htm
ASKER CERTIFIED SOLUTION
Avatar of kevinf40
kevinf40

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Dear run2004,

Is any further assistance needed ?
If not please close the topic and assign
me the points.

Thank you

;-)
kaerez - a somewhat cheeky comment...
:-)