I'd like to create a Form where a web visitor can enter personal information and that I can get it and process it securely. After reading about Secure Mail Forms, I'm wondering if it would be more secure to create an Upload Form, rather than emailing the information. I look forward to replies/opinions. Thanks.
Thank you for your lengthy reply.
Yes, an SSL certificate would be in place. That aside, would an Upload Form be a bit more secure than a Form whose information is emailed?
SSL encrypts the transaction between the user's web browser and the web server. It cannot be intercepted on the way.
Once it's on the server you can again do insecure things with the data. So yes, having your PHP script email the data to an admin would be insecure because email is not generally sent over a secure connection.
I think it is possible to send/receive encrypted mail (I'm not that familiar, Google will know more about it), but a better approach is probably to email a notification of new data, and have the admin log in to the site and view the information online over SSL.
It's worth keeping in mind that SSL only protects the data in transit. Once it is sitting on your server it could be accessed if your site were compromised in another way.
This is why eCommerce sites (even with SSL) generally don't store credit card information.
You might be able to store the data a little more securely by exporting it to some file you can download over SSL then moving it to a computer other than your web server. Then if your site is targeted most of the data won't be stored there. Might be overkill though.
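The approach suggested above (keep the submission on the server, email only a notification, and have the admin view the data after logging in over SSL), as an added PHP example that is not code from any poster in this thread. The storage path, email address, admin URL and form field names are assumptions.

```php
<?php
// Added example, not code from the thread. Paths, addresses and field
// names below are assumptions; adjust them to your site.
declare(strict_types=1);

const STORE_DIR   = '/var/www/private/submissions';       // assumed: outside the web root
const ADMIN_EMAIL = 'admin@example.com';                   // assumed address
const ADMIN_URL   = 'https://example.com/admin/view.php';  // hypothetical login-protected page

function saveSubmission(array $post): string
{
    // Accept only the expected fields (hypothetical names), capped in length.
    $record = ['received' => gmdate('c')];
    foreach (['name', 'email', 'phone', 'message'] as $field) {
        $value = $post[$field] ?? '';
        $record[$field] = is_string($value) ? substr(trim($value), 0, 2000) : '';
    }
    if ($record['name'] === '' || !filter_var($record['email'], FILTER_VALIDATE_EMAIL)) {
        throw new InvalidArgumentException('Name and a valid email are required.');
    }
    if (!is_dir(STORE_DIR) && !mkdir(STORE_DIR, 0700, true)) {
        throw new RuntimeException('Cannot create storage directory.');
    }
    $id   = bin2hex(random_bytes(16));   // unguessable record id
    $path = STORE_DIR . '/' . $id . '.json';
    if (file_put_contents($path, json_encode($record), LOCK_EX) === false) {
        throw new RuntimeException('Cannot store submission.');
    }
    chmod($path, 0600);                  // readable by the web server user only
    return $id;
}

function notifyAdmin(string $id): bool
{
    // The mail carries only the id and a link, never the submitted data.
    $body = "A new form submission was received.\n"
          . "Log in to view it: " . ADMIN_URL . "?id=" . $id . "\n";
    return mail(ADMIN_EMAIL, 'New form submission', $body);
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        notifyAdmin(saveSubmission($_POST));
        echo 'Thank you, your information was received.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    } catch (RuntimeException $e) {
        http_response_code(500);
        echo 'Sorry, your information could not be saved.';
    }
}
```

The admin page that reads these files has to require a login and be served over SSL; downloading the stored files and then deleting them from the server covers the last suggestion in the thread.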