Solved

personal data collection

Posted on 2011-02-10
4
401 Views
Last Modified: 2012-08-13
I have a website where I may need to collect names and addresses, no credit card involved.
I have a main site where content is available.
I have a domain for ssl
I wonder if the database access.mdb and the collection form for the information should be stored in a subdirectory of my ssl domain on my server.
Suggestions are welcomed.
Thank you
John
0
Comment
Question by:johnhardy
  • 2
4 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 34868856
SSL Only encrypts information in transit between the browser and server.  It does nothing for info stored on the server.  An 'access.mdb' should not be stored on a server where it can be directly linked and downloaded.  Depending on the context and the content, disclosing personal info, even accidentally, can have legal consequences.  http://en.wikipedia.org/wiki/Personally_identifiable_information
0
 

Author Comment

by:johnhardy
ID: 34869050
Thanks Dave
So would I be correct in thinking that the db should be within the SSL directory?

Can you say how I can test if
it can be directly linked and downloaded?
0
 
LVL 5

Accepted Solution

by:
alreadyinuse earned 250 total points
ID: 34871531
That will not encrypt the actual database, as David stated above the SSl is only going to encrypt the communications, the https requests and responses not the actual database.

Also he is right in the it should not be stored where it can be directly linked and downloaded. Can you put the URL into a browser that points to your mdb location, if you can download the .mdb then anyone can take a copy of the database using a web browser!
0
 

Author Closing Comment

by:johnhardy
ID: 34872924
Very many thanks for the very useful answers
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question