insouciant

asked on

Secure forms

I am working toward securing personal health information submitted by users in a form and processed by a PHP script which mails it directly to my web site customer (doctor) as an email. There will be no storage of this info on the server. I am working on SSL from the server to my doc's office but am concerned about whether using the https:// route for client to server will be sufficient to prevent info theft. I understand that packets are routed differently, rendering sniffers useless en route, and if the remote server is compromised they would have root and it would be moot (whoops, accidental poetry). So the only route I am in question about is from the user to the server. But any alternatives or known problems would be helpful. Thanks.
ASKER CERTIFIED SOLUTION
maUru

maUru

Of course there are other factors that you must take care of:

1. Making sure the 'back' button doesn't return to the form and cause the browser to autofill the previous fields.
2. Make sure no sessions are used that can be duped by a knowledgeable hacker.
3. Using SSL /before/ a login script is used.
4. Make sure secure passwords are used: minimum 8 characters, include a number or two, some capitals and an asterisk... the weakest link in security is usually the users themselves.
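The four points above, applied at the top of a PHP form handler like the one the asker describes. This is an added example, not code from either participant; it assumes PHP 7.3 or later (for the array form of session_set_cookie_params) and that the mailing step follows in the asker's own script.

```php
<?php
// Added example (not the asker's or maUru's code): hardening the entry point of
// a PHP script that receives a health-information form and mails it on.
// Assumption: this file is included before any output is sent.

declare(strict_types=1);

// Point 3: refuse anything that did not arrive over TLS. Note that the check
// relies on the web server setting $_SERVER['HTTPS'] (Apache/nginx do by default).
function require_https(): void {
    $overTls = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if (!$overTls) {
        header('HTTP/1.1 403 Forbidden');
        exit('This form must be submitted over https://');
    }
}

// Point 1: tell the browser not to store the page, so the Back button
// does not bring back a form still filled with the patient's details.
function send_no_store_headers(): void {
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');
}

// Point 2: if a session is needed at all, bind it to an HTTPS-only,
// script-inaccessible cookie and rotate the id so a previously issued
// session id cannot be replayed.
function start_hardened_session(): void {
    session_set_cookie_params([
        'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
    ]);
    session_start();
    session_regenerate_id(true);
}

// Point 4: the minimum policy maUru describes (8+ characters, a digit,
// a capital letter, a symbol). Returns an empty array when the password passes.
function password_policy_failures(string $pw): array {
    $failures = [];
    if (strlen($pw) < 8)                     { $failures[] = 'shorter than 8 characters'; }
    if (!preg_match('/[0-9]/', $pw))         { $failures[] = 'no digit'; }
    if (!preg_match('/[A-Z]/', $pw))         { $failures[] = 'no capital letter'; }
    if (!preg_match('/[^A-Za-z0-9]/', $pw))  { $failures[] = 'no symbol'; }
    return $failures;
}

require_https();
send_no_store_headers();
start_hardened_session();
```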

ASKER

Thanks for the very complete answer maUru.