Personal data collection

I have a website where I may need to collect names and addresses, no credit card involved.
I have a main site where content is available.
I have a domain for SSL.
I wonder if the database access.mdb and the collection form for the information should be stored in a subdirectory of my SSL domain on my server.
Suggestions are welcomed.
Thank you
John
johnhardy Asked:
 
alreadyinuse Commented:
That will not encrypt the actual database. As David stated above, SSL is only going to encrypt the communications (the HTTPS requests and responses), not the actual database.

Also, he is right that it should not be stored where it can be directly linked and downloaded. Can you put the URL that points to your .mdb location into a browser? If you can download the .mdb, then anyone can take a copy of the database using a web browser!
0
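The browser test described in the comment above can also be scripted against your own site. This is an added example, not part of the original thread: the function names and the URL in the usage comment are illustrative, and the check assumes the standard Access file header (four bytes followed by "Standard Jet DB" or "Standard ACE DB").

```python
"""Check whether a database file on your own site can be fetched over HTTP(S)."""
import sys
import urllib.error
import urllib.request

# Access files start with 4 bytes (00 01 00 00) followed by one of these names.
JET_SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")


def looks_like_access_db(head: bytes) -> bool:
    """True if the first bytes of a response match the Access file header."""
    return any(head[4:4 + len(sig)] == sig for sig in JET_SIGNATURES)


def classify(status: int, head: bytes) -> str:
    """Turn an HTTP status and the first bytes of the body into a verdict."""
    if status == 200 and looks_like_access_db(head):
        return "EXPOSED"      # the server handed out the real database
    if status == 200:
        return "CHECK"        # 200 but no Access header (custom error page?)
    if status in (401, 403, 404):
        return "BLOCKED"      # refused, or the file is not mapped to a URL
    return "CHECK"            # 5xx and other statuses need a manual look


def check_url(url: str, timeout: float = 10.0) -> str:
    """Request the URL, read only the first 32 bytes, and classify the result."""
    req = urllib.request.Request(url, headers={"User-Agent": "mdb-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read(32))
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        return classify(err.code, b"")
    except urllib.error.URLError:           # DNS failure, refused connection
        return "UNREACHABLE"


if __name__ == "__main__":
    # Hypothetical usage: python check_mdb.py https://ssl.example.com/data/access.mdb
    for target in sys.argv[1:]:
        print(f"{check_url(target):12} {target}")
```

Run it against both the http:// and https:// forms of the address; a BLOCKED result on every URL that could map to the file is the outcome to aim for.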
 
Dave Baldwin (Fixer of Problems) Commented:
SSL only encrypts information in transit between the browser and server. It does nothing for info stored on the server. An 'access.mdb' should not be stored on a server where it can be directly linked and downloaded. Depending on the context and the content, disclosing personal info, even accidentally, can have legal consequences. http://en.wikipedia.org/wiki/Personally_identifiable_information
0
 
johnhardy (Author) Commented:
Thanks, Dave.
So would I be correct in thinking that the db should be within the SSL directory?

Can you say how I can test if it can be directly linked and downloaded?
0
 
johnhardy (Author) Commented:
Very many thanks for the very useful answers.
0
Question has a verified solution.
