SSL Encryption
- 11 Responses
- seed
Has anyone here had to use this to keep data private in a form submission? I need to encrypt some info and then generate a csv file or send it in an email. At what point is the info decrypted?
- sherman0
good question.
wish i knew
- seed0
I think I get the basic idea of setting it up from the post and faqs I've read. I am really unsure about how and when the info can be decrypted and used.
- joyride0
it's only encrypted from browser to server. you can't send an encrypted email from a form, without some sort of unencryption being done on the recipient's end.
I'm sure there is a solution out there, but just setting up an ssl and putting the form behind that won't work.
- seed0
ok, so the main security concern is the info being encrypted from browser to server. So for instance if I sent the info submitted straight into a database would that data be scrambled in the db? Or is it only scrambled in transit from browser to server to keep the info from being intercepted?
- gabriel20
SSL only secures the transmission between the browser and server
- joyride0
what ^ said
It shouldn't be that hard to encrypt the db with php, asp, java, whatever. lots of info on db encryption, most developers will be able to figure it out fairly quick
- spmitch0
I think what you are looking for is md5 hash
- seed0
I'll look into md5. I don't know exactly what I need. I just want it to be as simple as possible and secure enough to take personal info via a form to pass on to a financing company.
- moth0
MD5 has been/can be exploited, and it's not really what you'd use for something like credit card numbers, for example.
You'd want to run the form under HTTPS, and then insert yourPrivateData into the database using its own encryption.
I use AES_ENCRYPT with MySQL for example.
When you need to retrieve that information, you use AES_DECRYPT.
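The AES_ENCRYPT / AES_DECRYPT approach described in the post above, as an added example that is not part of the original thread. The table, column and variable names, the passphrase and the sample SSN are constructed for illustration, and it assumes MySQL 5.6.17 or later.

```sql
-- Added example: names and values below are assumptions, not from the thread.

-- MySQL's default mode is aes-128-ecb, where identical plaintexts give
-- identical ciphertexts. Use CBC with a 256-bit key for this session.
SET SESSION block_encryption_mode = 'aes-256-cbc';

CREATE TABLE applicant (
  id      INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  name    VARCHAR(100)  NOT NULL,
  ssn_iv  BINARY(16)    NOT NULL,  -- per-row initialization vector (not secret)
  ssn_enc VARBINARY(64) NOT NULL   -- ciphertext is binary, so not a text column
);

-- Constructed sample key (32 bytes for aes-256). In a real application the
-- key is held outside the database and passed in as a bound parameter;
-- a key stored next to the data protects nothing if the database leaks.
SET @key = UNHEX(SHA2('constructed-sample-passphrase', 256));

-- Store: a fresh random IV for every row.
SET @iv = RANDOM_BYTES(16);
INSERT INTO applicant (name, ssn_iv, ssn_enc)
VALUES ('Test Applicant', @iv, AES_ENCRYPT('000-00-0000', @key, @iv));

-- What is actually at rest in the table: opaque bytes.
SELECT id, name, HEX(ssn_enc) AS stored_bytes
FROM applicant;

-- Retrieve: decrypt with the same key and the row's own IV.
SELECT id, name,
       CAST(AES_DECRYPT(ssn_enc, @key, ssn_iv) AS CHAR) AS ssn
FROM applicant;

-- Caveats:
--  * Key and plaintext travel to the server inside the statement, so the
--    client-to-MySQL connection needs TLS as well as the browser-to-web one.
--  * Statements containing the key can end up in MySQL logs (general query
--    log, statement-based binary log); keep those off or access-restricted.
--  * A wrong key yields NULL or unreadable bytes, not an error.
```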
- moth0
That leaves your data "safe" on the server.
Of course if you then export that data and then email it, you are transporting it over an unsecured public network and anyone can read it.
- seed0
Is there a solution for that part? One vendor wants it emailed and the other wants a (dynamically created) csv file FTPed to them. I am not sure if the SSL is useful if the other parts aren't completely secure other than to make the user on the front end feel better. I need to see if there are laws about taking personal info like SSNs on the web.