Solved

Secure forms

Posted on 2006-07-17
3
183 Views
Last Modified: 2006-11-18
I am working toward securing personal health information submitted by users in a form and processed by a PHP script which mails it directly to my web site customer (doctor) as an email.  There will be no storage of this info on the server.  I am working on SSL from the server to my doc's office but am concerned that if using the https:// route for client to server will be sufficient to prevent info theft.  I understand that packets are routed differently, rendering sniffer useless enroute and if the remote server is compromised they would have root and it would be moot (whoops, accidental poetry). So the only route I am in question about is from the user to the server. But any alternatives or known problems would be helpful.   Thanks.
0
Comment
Question by:insouciant
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
maUru earned 125 total points
ID: 17123478
https:// is more than enough for client to server encryption

if it wasnt then online banking systems would all go bankrupt

you cannot really encode it yourself as http is a plain text protocol, using ssl, you get 128 bits of encryption, which would roughly take by todays standards 1 million years to crack

which is long enough....i think
0
 
LVL 7

Expert Comment

by:maUru
ID: 17123513
of course there are other factors that you must take care of:

1. making sure the 'back' button doesnt return to the form and causing the browser to autofill the previous fields
2. make sure no sessions are used that can be duped by a knowledgable hacker
3. using ssl /before/ a login script is used
4. make sure secure passwords are used, minimum 8 characters, include a number or two and some capitals and an asterix....the weakest link in security is usually the users themselves.
0
 

Author Comment

by:insouciant
ID: 17129622
Thanks for the very complete answer maUru.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question