#1 New Coder (Join Date: Aug 2006 | Posts: 66 | Thanks: 0 | Thanked 2 Times in 2 Posts)

    How to be secure? How much should SSL cost?

    Hello,

    I was hoping someone with some experience with coding HIPAA-compliant offsite storage databases and/or e-commerce experience in a secure environment could help me with a couple of questions.

    How can I secure a website against eavesdroppers? I assume I need an https connection for all pages transmitting or receiving unencrypted records / login information; do I also need a dedicated IP?

    Bluehost.com is my provider and they are offering an SSL certificate and dedicated IP address along with some extra features for ~$240/month, which seems out of reach at the moment.

    I understand how to encrypt records to protect against unauthorized access/theft of data, and have even taken measures to protect against rainbow tables by salting the encryption and iterating through encryption 1000 times, as I learned in this article.

    I am just worried that just about anybody could theoretically eavesdrop on a regular http connection (plain text, right?), so I have not transferred any patient records or anything else to the web quite yet.

    Any general/specific advice would be greatly appreciated. I like to read, so if you have some links or resources you would like to point me towards, bring them on.

    Thank you.

#2 Rockstar Coder (Join Date: Jun 2002 | Location: USA | Posts: 9,074 | Thanks: 1 | Thanked 328 Times in 324 Posts)

    Well, that article has some good information, but I wouldn't use MD5 or SHA1 for passwords, especially if you are dealing with HIPAA compliance. I would use SHA256 instead. Hashing the hashes iteratively 100 times isn't really going to make that big of a difference compared to the other possible attack vectors.

    You certainly should be using HTTPS for sensitive data like patient records. I don't know a lot about HIPAA compliance, but using a shared server with other customers might be a problem. And if BlueHost doesn't keep up to date on security patches for the software running on the server, that also could be a serious problem.
    OracleGuy
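The salted, iterated password hashing that both posts refer to, as an added example that is not part of either post: it uses PBKDF2-HMAC-SHA256 from Python's standard library (hashlib), a fresh random salt per password, and a constant-time comparison when verifying. The iteration count, the stored record format (`pbkdf2_sha256$iterations$salt$hash`) and the sample passwords are constructed for this example; the contrasting `unsalted_sha256` function shows why a plain single-round hash can be matched against a precomputed table.

```python
"""Salted, iterated password hashing (PBKDF2-HMAC-SHA256).

Added example, not the forum poster's code. Everything below uses only the
Python standard library; the iteration count, record format and sample
passwords are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Optional

# Work factor. The thread mentions 100 and 1000 iterations; the value here is
# a constructed example setting chosen to be far larger than either.
ITERATIONS = 200_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record "pbkdf2_sha256$iterations$salt$hash".

    A fresh random salt per password means two users with the same password
    get different records, so a single precomputed (rainbow) table cannot
    cover every user.  Salt and iteration count are stored alongside the
    hash so that verification can recompute it later.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt/iterations and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return False
    _, iters, salt_hex, digest_hex = parts
    salt = bytes.fromhex(salt_hex)
    expected = bytes.fromhex(digest_hex)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    # hmac.compare_digest does not short-circuit on the first differing byte,
    # so timing does not reveal how much of the hash matched.
    return hmac.compare_digest(actual, expected)


def unsalted_sha256(password: str) -> str:
    """Plain single-round SHA-256, shown only for contrast.

    Identical passwords always produce identical output, so one precomputed
    table of common passwords matches every user who chose one of them.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print("stored record:", rec)
    print("verify correct password:", verify_password("correct horse battery staple", rec))
    print("verify wrong password:  ", verify_password("wrong", rec))
    # Same password hashed twice: different salts, different records.
    print("salted records differ:  ", hash_password("hunter2") != hash_password("hunter2"))
    # Same password through a plain hash: identical output every time.
    print("unsalted hashes collide:", unsalted_sha256("hunter2") == unsalted_sha256("hunter2"))
```

Storing the iteration count in the record lets the work factor be raised for new passwords without invalidating old ones; a login that verifies against an older record can rehash with the current setting at that moment.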

