SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member dqderrick's Avatar
    Join Date
    Oct 2003
    Location
    Carlsbad, CA
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question SSL Secure Web Form

    I've done some Googling and searching through these forums, but I haven't seen anything address this specific need.

    I am a hosting reseller and designer. A customer of mine wants to provide a "secure" web form on his website. The particular web form is an Application for Employment form that requests a Drivers' License number.

    What would you recommend as the optimum and most efficient method to offer a secure web form?

    Do to my lack of experience with SSL, I had to research and learn how SSL works. I need a dedicated IP and SSL certificate. This costs $60 to $150 a year depending on the source of SSL certificate. The company I resell hosting through offers ChainedSSL for $49.99/year and a dedicated IP for $15 setup and $2.95/month.

    I know I can do a self-signed SSL, but I don't like the exclamation mark and warning. Are there any other inexpensive options? I plan to charge my customer for the service, so money isn't a huge issue. I just want to make sure SSL is the best option.

    Derrick

  2. #2
    SitePoint Member motoenth's Avatar
    Join Date
    Feb 2004
    Location
    NC, USA
    Posts
    23
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Disclaimer: I am not a security expert!

    I have limited knowledge of security and hosting issues but I recently helped a client set up a form that collected credit card numbers. He was on a Windows server that had ASPEncrypt installed.

    His site was set up so that
    -the customer was on a secure connection when the cc # was entered.
    -the admin area had a username and password
    -the cc# was encrypted in a database so that
    -the only person that could view the number had a matching certificate installed in IE on their local machine.
    -and, lastly, the cc# was deleted within a given period automatically.

    I was quite impressed with the entire set up!

    As far as I know, there are no such security measures that are similar for LAMP's (linux, apache, mysql, php).

    There are my two cents...about what it's worth

    Hope this helps!

    Blair Young
    www.68designs.com

  3. #3
    SitePoint Guru okrogius's Avatar
    Join Date
    Mar 2002
    Location
    US
    Posts
    622
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can get an ssl cert (chained) from ev1 for about 20 per year.

  4. #4
    Xbox why have you forsaken me? moospot's Avatar
    Join Date
    Feb 2001
    Location
    Clearwater, FL
    Posts
    3,615
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If money is not an issue then I would go with a large SSL issuing authority such as VeriSign or Thawte. The support is there if you need it and you know you won't have any issues in the future (such as the company going out of business). Along with SSL, as motoenth posted, you should consider using some type of encryption in case your database gets hacked the information will be useless without the key to decrypt it.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •