SitePoint Sponsor

User Tag List

Results 1 to 6 of 6

Thread: secure web form

  1. #1
    SitePoint Addict
    Join Date
    Sep 2007
    Posts
    202
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    secure web form

    Hi,

    I have a form at this website:

    http://www.oaknoll.com/hawkeye.asp

    A client has asked if this form is secure, since it asks for birthdate etc. I have a captcha on the page, but I don't really work with forms much and I assume this is a secure form, but can anyone tell me if it is secure enough?

    Thanks,
    Sarb

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,603
    Mentioned
    24 Post(s)
    Tagged
    1 Thread(s)
    Do you have proper validation being applied to all the fields in the form before anything else is done with what has been entered? Most security issues arise because the form fields are not validated properly before they are used.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Enthusiast
    Join Date
    Mar 2009
    Location
    Timisoara, Romania
    Posts
    55
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Since you request personal data about your visitors, link to your privacy policy (of a decent content) can work great in reassuring suspicious visitors that their data is safe and won't be disclosed to any third party. Try to include such link and see what happens.

    Also, best practices recommend that you don't make sensitive information required. Fields such as Phone and Birth date are better be left without the asterisk.

  4. #4
    SitePoint Zealot Spartinman's Avatar
    Join Date
    Nov 2009
    Location
    Florida USA
    Posts
    197
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You have to make sure the form fields are protected... find the security certificate is one step.. also, if you use say Chrome to view it, you can verify the SSL security on the highlighted green area of the URL... it should then give you additional info on the security and then you would be able to verify the form fields being protected. I have seen sites that use a frame that is not protected for their form fields even though the page itself loads up as secure. NOT SO in some cases. Good luck!

  5. #5
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The form is only "secure" if you have a valid SSL certificated installed on the server and you view the page where the form is at via https://.....

  6. #6
    SitePoint Member
    Join Date
    Oct 2012
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You have to update code the google captcha plugin.

    http://code.google.com/p/ogawa/wiki/Captcha_Plugin


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •