Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

personal data collection

Posted on 2011-02-10
4
Medium Priority
?
430 Views
Last Modified: 2012-08-13
I have a website where I may need to collect names and addresses, no credit card involved.
I have a main site where content is available.
I have a domain for ssl
I wonder if the database access.mdb and the collection form for the information should be stored in a subdirectory of my ssl domain on my server.
Suggestions are welcomed.
Thank you
John
0
Comment
Question by:johnhardy
  • 2
4 Comments
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 1000 total points
ID: 34868856
SSL Only encrypts information in transit between the browser and server.  It does nothing for info stored on the server.  An 'access.mdb' should not be stored on a server where it can be directly linked and downloaded.  Depending on the context and the content, disclosing personal info, even accidentally, can have legal consequences.  http://en.wikipedia.org/wiki/Personally_identifiable_information
0
 

Author Comment

by:johnhardy
ID: 34869050
Thanks Dave
So would I be correct in thinking that the db should be within the SSL directory?

Can you say how I can test if
it can be directly linked and downloaded?
0
 
LVL 5

Accepted Solution

by:
alreadyinuse earned 1000 total points
ID: 34871531
That will not encrypt the actual database, as David stated above the SSl is only going to encrypt the communications, the https requests and responses not the actual database.

Also he is right in the it should not be stored where it can be directly linked and downloaded. Can you put the URL into a browser that points to your mdb location, if you can download the .mdb then anyone can take a copy of the database using a web browser!
0
 

Author Closing Comment

by:johnhardy
ID: 34872924
Very many thanks for the very useful answers
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question