Encrypt a form with SSL?

  • fional24
  • Graduate
  • Graduate
  • fional24
  • Posts: 125
  • Loc: Scotland

Post 3+ Months Ago

I want to create a form which people can use to send sensitive information to my email address (the address supplied with my website).

My thoughts are that I could use a regular CGI form to email script to send this, but I want to add in SSL (if that's the right thing to do) to encrypt it. Unfortunately I havent got a clue how to go about this!

Has anyone done this or something similar?

I dont have time (or knowledge!!) to use anything other than prewritten scripts so I'll need any solutions dumbed down as far as possible! :oops:

tnx
  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

You need an SSL-enabled web server. The CGI will be just the same and has nothing to do with the SSL, which is implemented in a separated protocol named HTTPS
  • fional24
  • Graduate
  • Graduate
  • fional24
  • Posts: 125
  • Loc: Scotland

Post 3+ Months Ago

I can get the SSL added to my hosting package no problem.

So am I right in saying that once the SSL is added I'll get another folder created in my directory dedicated to secure stuff? Is this where I would upload my form to?
  • veryhip
  • Newbie
  • Newbie
  • veryhip
  • Posts: 11
  • Loc: Atlanta, GA

Post 3+ Months Ago

ssl is just another protocol. it doesn't matter the physical location of the files on the server, but, if you want it to be secure, https will be the beginning of the link. i would imagine your right tho, if your paying a hosting company for shared hosting, you'll probably get a special folder, some of the hosting companies have a separate server just for ssl with other people that have ssl activated. if your going to be REALLY getting into this, i'd recommend buying a PIII / 800 or similar and a 1u case, and colo'ing your own server. Protection is only as strong as the weakest link, and your hosting company might not have it setup right themselves... i'd make sure to use a reputable company for ssl if doing transactions.
  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

fional24 wrote:
I can get the SSL added to my hosting package no problem.

So am I right in saying that once the SSL is added I'll get another folder created in my directory dedicated to secure stuff? Is this where I would upload my form to?


Yes, you HAVE to get another folder for publishing under HTTPS. If your provider doesn't give you that information, you must ask for it.

Then, once you have uploaded to this "new" webserver of your own. You will be able to get into it by using https://yourdomain.com/file.cgi

There is an issue with the SSL certificate. I don't know how hosting providers work with them, but I think you should get your own certificate for your domain. You can read about this subject at http://www.verisign.com
You must ask your provider before buying any certificate anyway.
  • fional24
  • Graduate
  • Graduate
  • fional24
  • Posts: 125
  • Loc: Scotland

Post 3+ Months Ago

Thanks guys, I'll start doing more research into this before I go any further!
  • fional24
  • Graduate
  • Graduate
  • fional24
  • Posts: 125
  • Loc: Scotland

Post 3+ Months Ago

ok, so i've done some research into ssl and had a chat with my hosting company.

They say that encrypting the form is fine and the data will be secure on its way to their servers. The problem lies with downloading my pop3 mail to my mail client. They say I would need to use a system such as gpg, which they dont support. Are there any alternatives so I can make sure the emails are received in my outlook mailbox securely?

Or does anyone know a reasonably priced host in UK who would let me use SSL and GPG, PGP etc...???
  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

I guess it will be a better solution saving the data into a database and retrieving it by downloading an exported file using SSL (https) as well.
I guess you won't be able to send GPGed mails from PHP.

The fact is you need to protect data all the time. Even when it is downloaded to your personal computer, you have to know your computer is not hacked and nobody can get access to it.

Even if you are able to use encrypted mails, the administrator of your hosting provider can easily get access to the information in a way or another.

You will have to find a balanced solution between the security and the cost of that security.
  • fional24
  • Graduate
  • Graduate
  • fional24
  • Posts: 125
  • Loc: Scotland

Post 3+ Months Ago

hosting company have now suggested a gpg solution they can support, so i'm going to go investigate and have a play about with gpg.

I should have guessed this wouldnt be simple from the start!

Tnx for your help!

Post Information

  • Total Posts in this topic: 9 posts
  • Users browsing this forum: No registered users and 77 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.