473,372 Members | 804 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,372 software developers and data experts.

Protect Form info

I have a form where users enter their Social Security number and Date
of Birth. I was wondering if I need to request a certificate for SSL
on our Windows Web server so we can protect the information when it is
sent from the client to the server on the network? Is this something
where SSL is the best solution for protecting the transmission?

Aug 17 '07 #1
7 2073
Rik
On Fri, 17 Aug 2007 02:33:06 +0200, te****@hotmail.com
<te****@hotmail.comwrote:
I have a form where users enter their Social Security number and Date
of Birth. I was wondering if I need to request a certificate for SSL
on our Windows Web server so we can protect the information when it is
sent from the client to the server on the network? Is this something
where SSL is the best solution for protecting the transmission?
SSL is clearly a must have here. Self-signed is possible, doesn't create
much trust though, so by all means buy one.

--
Rik Wasmus
Aug 17 '07 #2
te****@hotmail.com wrote:
I have a form where users enter their Social Security number and Date
of Birth. I was wondering if I need to request a certificate for SSL
on our Windows Web server so we can protect the information when it is
sent from the client to the server on the network? Is this something
where SSL is the best solution for protecting the transmission?
Yes.
Aug 17 '07 #3
te****@hotmail.com wrote:
I have a form where users enter their Social Security number and Date
of Birth. I was wondering if I need to request a certificate for SSL
on our Windows Web server so we can protect the information when it is
sent from the client to the server on the network? Is this something
where SSL is the best solution for protecting the transmission?
Asking for SSN and not knowing about SSL.. very scary. It'd be
good to get up to speed on security long before you go
asking for personal information like that.

Unless it's tax, investment, or possibly health care related,
you shouldn't have any need for someone's SSN. In those
cases, your company should have a plethora of security related
people that can help you make things as secure as possible,
if they don't then don't ask for the SSN.

Don't think that simply by adding SSL, you're secure, and
anyone providing that information to anyone else really
should question the need for them asking for it in the
first place.
Aug 17 '07 #4
don't then don't ask for the SSN.
>
Don't think that simply by adding SSL, you're secure, and
anyone providing that information to anyone else really
should question the need for them asking for it in the
first place.

Thanks for the info. What is more secure than using SSL?

Aug 19 '07 #5
te****@hotmail.com wrote:
Thanks for the info. What is more secure than using SSL?
You are asking the wrong question.

Suppose I had a large sum of money I wanted to deliver to you. Suppose
for security reasons I put it in a lock box with a combination that only
you and I knew. Suppose after I handed you the lock box, you took the
box home and opened the box to count the money. What is keeping the
money secure while you are counting it? Where are you going to keep it?
If you keep it locked up, where will you keep the key?

What is keeping your users private data secure once it has arrived at
the server?

A few years ago I was bidding on an update to an ecommerce web site. I
found out that the original developer used SSL to protect credit card
numbers, then stored them unencrypted in an Access database with no
password in an easily guessable directory and easily guessable file
name. Anyone who guessed the file name could type the URL into their
browser and download all of the credit card numbers.

There is more involved with security than SSL.
Aug 20 '07 #6
te****@hotmail.com wrote:
don't then don't ask for the SSN.
>Don't think that simply by adding SSL, you're secure, and
anyone providing that information to anyone else really
should question the need for them asking for it in the
first place.

Thanks for the info. What is more secure than using SSL?
It wouldn't matter, because SSL is the secure communication protocol
that's built into browsers. Others aren't.
Aug 20 '07 #7
On 17 Aug, 01:33, "tes...@hotmail.com" <tes...@hotmail.comwrote:
I have a form where users enter their Social Security number
Just stop doing that altogether. For many very well-discussed reasons,
you should just not ever hold, store, fold, spinlde or mutilate that
particular bit of information. Search for the arguments against doing
it before you even begin to ask how to do it.

If you should (and these reasons are very narrow), then you should
already be competent to do so, and your question indicates that you're
not.

Aug 20 '07 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Martin Franklin | last post by:
I have a simple 2 page frameset that I am trying to protect using asp. I've included the following code listed below at the top of each page including the frameset page in an attempt to protect...
11
by: siliconmike | last post by:
Is there a way to protect data files from access by root ? I have a data-centered website and would like to protect data piracy from any foot-loose hosting company employee. Any ideas? ...
3
by: Narlen | last post by:
Hi there, I don't know much about web design but I proudly managed to password protect a page on my site. Later I realized that everyone looking at the source in any web browser can see the...
5
by: Brent Burkart | last post by:
I want to protect my website with a user and password. I have SQL Server 2000 where I want to store the users and passwords and the website is complete. I just need to add in some security with...
5
by: Trev | last post by:
Hey, I have a complete frontend setup, the first window/form that shows up gives you an option of 3 databases. One of them will only need to be accessed by about 2 - 3 people within our...
19
by: Peter | last post by:
I wrote a dll and now I want to protect from mass distribution. What is the most COST software for doing this, or can it easily be done in vb.net.
22
by: teejayem | last post by:
Hi, I am new to programming with databases and was wanting some help. Is there any way to password protect an access database and access sent sql commands to it via vb.net code? Any help...
5
by: rgsw | last post by:
Hi - I would like user to open Access database and have a choice to either enter a password or click on a button that opens the database in 'read only'. I know this is possible with Excel, but I...
2
by: dancer | last post by:
Can you create a password protected page with JUST asp.net and VB2005? I don't want to use javascript.
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.