SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Hybrid View

  1. #1
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Secure data transfer

    I need some advice regarding website security.

    I have a website application where a user enters their details in a form, the data is then transmitted to a third party website using a POST request and SSL for encryption. The website runs over HTTPS.

    The third party website needs to be able to see the data.

    Is there anything else I can do to secure the data that's being transmitted?

    Please let me know if you need any more specific details.

    Many thanks.

  2. #2
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    9,036
    Mentioned
    152 Post(s)
    Tagged
    2 Thread(s)
    HTTPS is already pretty secure, but if you want to make it a bit more secure you could use hashing with a secret key only you and the receiver know.

    For example, when you send the data
    PHP Code:
    $mySecret='123456'
    $hash=sha1($_POST['name'].$_POST['email'].$_POST['some_other_field'].$mySecret); 
    The receiver can also calculate the hash from the data and $mySecret (which they have to know of course) and check if it's the same as the hash you sent with the data; if not, someone tampered with the data. Of course this relies on the fact that hackers don't know $mySecret and are therefore not able to create a hash of their own.
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  3. #3
    SitePoint Member
    Join Date
    Aug 2011
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hashing looks interesting, I'll look in to that. Thanks for your response.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •