Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Jan 2010
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Secure Method for collecting private information (SSL?)

    Hey everyone,

    I have been mulling over this issue for some time and the potential ways to solve it. Unfortunately with this particular issue I can't seem to really figure out the 'best' method even after researching a bit, and none of my friends know either.

    Time to ask for help!

    Basically, I have a company I'm setting up which will have a html form to collect information for myself or another one of my admins to retrieve at a later date.

    Originally this included billing information/CC, however..
    a) I didn't want the responsibility this carries
    b) I changed my business model a bit so I don't CC info anymore

    What I do need though, on this form, will include their username/password to 2 or 3 different sites (I provide support). This will allow me to login and fix their problems.

    Basically, I bought an SSL so that when they put in their username/passwords for that particular site(or sites) into my form, it's encrypted, but im not quite sure what to do AFTER this.

    I ideally want to send it right to a database in an encrypted format (do I use SSL for this?), and then build some sort of very simple CMS or basic script to unencrypt and then retrieve that information. In the cms i need only the most basic funtions.. view all entries/delete entry/ sort by date/group into pages in case i get 1000's of entries down the line.

    I'm assuming there are solutions out there that do this already that are pre-packaged and free or open source.

    If anyone could direct me to a solid very secure and one I would really appreciate it, or guide me in a direction which is better.

    Thanks!

  • #2
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts

  • #3
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Quote Originally Posted by Zesty View Post
    Basically, I have a company I'm setting up which will have a html form to collect information for myself or another one of my admins to retrieve at a later date.
    I would personally suggest that you do your homework on the topic thoroughly, (your lack of knowledge of what SSL is doesn't inspire confidence when confidentiality is at stake), and also find out what the legal requirements are for this type of business scenario and the storage of customer data in your country too. Asking your friends doesn't cut the mustard.

  • #4
    New Coder
    Join Date
    Jan 2010
    Posts
    10
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by MattF View Post
    I would personally suggest that you do your homework on the topic thoroughly, (your lack of knowledge of what SSL is doesn't inspire confidence when confidentiality is at stake), and also find out what the legal requirements are for this type of business scenario and the storage of customer data in your country too. Asking your friends doesn't cut the mustard.
    Hence why I asked for a pre-setup secure solution which stores information to a database and does the simple tasks that I require... I have the knowledge to implement it, but not do it from scratch myself. Nor would I want to for that exact reason

    And I know SSL is an on-the-fly encryption for transferring the data, I'm asking if it's necessary here along with whatever package I can get to store it. Or if I don't need it at all

  • #5
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    And I know SSL is an on-the-fly encryption for transferring the data, I'm asking if it's necessary here along with whatever package I can get to store it. Or if I don't need it at all
    Security is always necessary. Whether or not you implement it depends upon two things. How seriously you take your responsibilities to protect customer data and also the necessary legal requirements in your specific region/country.

    In my personal opinion, I would say yes. Running some form of forum/social/private site, SSL could well be classed as overkill. Whenever a business is concerned, however, every possible security measure implementable should be taken as a given.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •