Solved

personal data collection

Posted on 2011-02-10
4
404 Views
Last Modified: 2012-08-13
I have a website where I may need to collect names and addresses, no credit card involved.
I have a main site where content is available.
I have a domain for ssl
I wonder if the database access.mdb and the collection form for the information should be stored in a subdirectory of my ssl domain on my server.
Suggestions are welcomed.
Thank you
John
0
Comment
Question by:johnhardy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 34868856
SSL Only encrypts information in transit between the browser and server.  It does nothing for info stored on the server.  An 'access.mdb' should not be stored on a server where it can be directly linked and downloaded.  Depending on the context and the content, disclosing personal info, even accidentally, can have legal consequences.  http://en.wikipedia.org/wiki/Personally_identifiable_information
0
 

Author Comment

by:johnhardy
ID: 34869050
Thanks Dave
So would I be correct in thinking that the db should be within the SSL directory?

Can you say how I can test if
it can be directly linked and downloaded?
0
 
LVL 5

Accepted Solution

by:
alreadyinuse earned 250 total points
ID: 34871531
That will not encrypt the actual database, as David stated above the SSl is only going to encrypt the communications, the https requests and responses not the actual database.

Also he is right in the it should not be stored where it can be directly linked and downloaded. Can you put the URL into a browser that points to your mdb location, if you can download the .mdb then anyone can take a copy of the database using a web browser!
0
 

Author Closing Comment

by:johnhardy
ID: 34872924
Very many thanks for the very useful answers
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question