I am working toward securing personal health information submitted by users in a form and processed by a PHP script which mails it directly to my web site customer (doctor) as an email. There will be no storage of this info on the server. I am working on SSL from the server to my doc's office but am concerned that if using the https://
route for client to server will be sufficient to prevent info theft. I understand that packets are routed differently, rendering sniffer useless enroute and if the remote server is compromised they would have root and it would be moot (whoops, accidental poetry). So the only route I am in question about is from the user to the server. But any alternatives or known problems would be helpful. Thanks.