
Protect Form info

I have a form where users enter their Social Security number and Date
of Birth. I was wondering if I need to request a certificate for SSL
on our Windows Web server so we can protect the information when it is
sent from the client to the server on the network? Is this something
where SSL is the best solution for protecting the transmission?

Aug 17 '07 #1
Rik
On Fri, 17 Aug 2007 02:33:06 +0200, te****@hotmail.com
<te****@hotmail.com> wrote:
> I have a form where users enter their Social Security number and Date
> of Birth. I was wondering if I need to request a certificate for SSL
> on our Windows Web server so we can protect the information when it is
> sent from the client to the server on the network? Is this something
> where SSL is the best solution for protecting the transmission?

SSL is clearly a must have here. Self-signed is possible, doesn't create
much trust though, so by all means buy one.

--
Rik Wasmus
Aug 17 '07 #2
te****@hotmail.com wrote:
> I have a form where users enter their Social Security number and Date
> of Birth. I was wondering if I need to request a certificate for SSL
> on our Windows Web server so we can protect the information when it is
> sent from the client to the server on the network? Is this something
> where SSL is the best solution for protecting the transmission?

Yes.
Aug 17 '07 #3
te****@hotmail.com wrote:
> I have a form where users enter their Social Security number and Date
> of Birth. I was wondering if I need to request a certificate for SSL
> on our Windows Web server so we can protect the information when it is
> sent from the client to the server on the network? Is this something
> where SSL is the best solution for protecting the transmission?

Asking for SSN and not knowing about SSL.. very scary. It'd be
good to get up to speed on security long before you go
asking for personal information like that.

Unless it's tax, investment, or possibly health care related,
you shouldn't have any need for someone's SSN. In those
cases, your company should have a plethora of security related
people that can help you make things as secure as possible,
if they don't then don't ask for the SSN.

Don't think that simply by adding SSL, you're secure, and
anyone providing that information to anyone else really
should question the need for them asking for it in the
first place.
Aug 17 '07 #4
> don't then don't ask for the SSN.
>
> Don't think that simply by adding SSL, you're secure, and
> anyone providing that information to anyone else really
> should question the need for them asking for it in the
> first place.

Thanks for the info. What is more secure than using SSL?

Aug 19 '07 #5
te****@hotmail.com wrote:
> Thanks for the info. What is more secure than using SSL?

You are asking the wrong question.

Suppose I had a large sum of money I wanted to deliver to you. Suppose
for security reasons I put it in a lock box with a combination that only
you and I knew. Suppose after I handed you the lock box, you took the
box home and opened the box to count the money. What is keeping the
money secure while you are counting it? Where are you going to keep it?
If you keep it locked up, where will you keep the key?

What is keeping your users' private data secure once it has arrived at
the server?

A few years ago I was bidding on an update to an ecommerce web site. I
found out that the original developer used SSL to protect credit card
numbers, then stored them unencrypted in an Access database with no
password in an easily guessable directory and easily guessable file
name. Anyone who guessed the file name could type the URL into their
browser and download all of the credit card numbers.

There is more involved with security than SSL.
Aug 20 '07 #6
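
The failure described in the post above (data protected by SSL in transit, then left as a downloadable database file under the web root) can be audited for. This is an added example, not part of the original thread: a Python script that walks a document root and flags data stores by header signature or extension. The extension list and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Header signatures: Access (Jet/ACE) names itself at byte offset 4, SQLite at 0.
SIGNATURES = [
    (4, b"Standard Jet DB", "Access (Jet)"),
    (4, b"Standard ACE DB", "Access (ACE)"),
    (0, b"SQLite format 3\x00", "SQLite"),
]
# Assumed list of extensions that usually mean "data, not a page".
RISKY_EXTENSIONS = {".mdb", ".accdb", ".sqlite", ".db", ".bak", ".sql", ".csv"}


def classify(path):
    """Return why a file looks like a data store, or None if it does not."""
    with open(path, "rb") as fh:
        head = fh.read(32)
    # Check content first so a renamed database is still caught.
    for offset, magic, label in SIGNATURES:
        if head[offset:offset + len(magic)] == magic:
            return label + " file signature"
    ext = Path(path).suffix.lower()
    return "risky extension " + ext if ext in RISKY_EXTENSIONS else None


def audit_web_root(web_root):
    """Walk the document root; return sorted (url_path, reason) findings."""
    findings = []
    for path in Path(web_root).rglob("*"):
        reason = classify(path) if path.is_file() else None
        if reason:
            findings.append(("/" + path.relative_to(web_root).as_posix(), reason))
    return sorted(findings)


def build_sample_root():
    """Constructed sample: a page, an Access file renamed .dat, a SQL dump."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "data").mkdir()
    (root / "index.html").write_bytes(b"<html></html>")
    (root / "data" / "orders.dat").write_bytes(
        b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64)
    (root / "backup.sql").write_bytes(b"-- constructed dump\n")
    return root


if __name__ == "__main__":
    for url_path, reason in audit_web_root(build_sample_root()):
        print(url_path, "->", reason)
```

Anything the audit reports belongs outside the served tree or behind a rule that stops the web server from handing it out.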
te****@hotmail.com wrote:
>> don't then don't ask for the SSN.
>>
>> Don't think that simply by adding SSL, you're secure, and
>> anyone providing that information to anyone else really
>> should question the need for them asking for it in the
>> first place.
>
> Thanks for the info. What is more secure than using SSL?

It wouldn't matter, because SSL is the secure communication protocol
that's built into browsers. Others aren't.
Aug 20 '07 #7
On 17 Aug, 01:33, "tes...@hotmail.com" <tes...@hotmail.com> wrote:
> I have a form where users enter their Social Security number

Just stop doing that altogether. For many very well-discussed reasons,
you should just not ever hold, store, fold, spindle or mutilate that
particular bit of information. Search for the arguments against doing
it before you even begin to ask how to do it.

If you should (and these reasons are very narrow), then you should
already be competent to do so, and your question indicates that you're
not.

Aug 20 '07 #8
