Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
05-20-2011, 01:04 AM #1
- Join Date
- Aug 2006
- Thanked 2 Times in 2 Posts
How to be secure? How much should SSL cost?
I was hoping someone with some experience with coding HIPPA-compliant offsite storage databases and/or e-commerce experience in a secure environment could help me with a couple of questions?
How can I secure a website against eavesdroppers? I assume I need an https connection for all pages transmitting or receiving unencrypted records / login information, do I also need a dedicated IP?
Bluehost.com is my provider and they are offering an ssl certificate and dedicated IP address along with some extra features for ~$240/month which seems out of reach at the moment.
I understand how to encrypt records to protect against unauthorized access/theft of data, and have even taken measures to protect against rainbow tables by salting the encryption and iterating through encryption 1000 times as I learned in this article.
I am just worried that about anybody could theoretically eavesdrop on a regular http connection (plain text, right?) so I have not transferred any patient records or anything else to the web quite yet.
Any general/specific advice would be greatly appreciated. I like to read if you have some links or resources you would like to point me towards, bring them on.
05-20-2011, 01:49 AM #2
- Join Date
- Jun 2002
- Thanked 328 Times in 324 Posts
Well that article has some good information I wouldn't use MD5 or SHA1 for passwords, especially if you are dealing with HIPPA compliance. I would use SHA256 instead. Hashing the hashes iteratively 100 times isn't really going to make that big of a difference compared to the other possible attack vectors.
You certainly should be using HTTPS for sensitive data like patient records. I don't know a lot about HIPPA compliance but using a shared server with other customers might be a problem. And if BlueHost doesn't keep up to date on a security patches for the software running on the server, that also could be a serious problem.