Hiya,
I have been asked to add a page to a clients website to use form mail to process an application, I can create it easily but the application asks for a lot of confidential information, including such things as full name address,age, sex, ph numbers, court orders, medical information and more.
Frankly I am rather loathe to create such a form without knowing more about how secure that info would be, I realise that nothing on the net is particulary secure, but just how unsecure would be a mail message sent that way and would any of the info remain on their ISP's server in a place that would easily got at ...

What are your opinions, do I recommend they remove some of the more personal and identifying questions ? or do I suggest they make it a printable form that the user can print out and snail mail to them ? or of course am I worrying for nothing? or is there a way to make it secure as to make it reasonably safe to pass that kind of info..

Badger

Hello HoneyBadger,
Most hosting services will offer a Secure Socket Layer (SSL). These are typicaly used for things like creditcard transactions and confidential forms. it is usualy an additional cost. The form then becomes an E-mail with a high level of security.

As with anything computers, it is on the wire or on a disk somewhere. I think this is something your client needs to consider and decide if their clients privicy validates the added security (SSL).

I would recommend giving the person filling out the form the option to
A)fill out the form and send
B)save the form to disk, fill it out, then e-mail
C)print the form and snail mail

I think your worry is valid, but allow the people using it the choice.

Hope this helps http://www.PCGuide.com/ubb/cool.gif

------------------
Waiting patiently for the future to arrive Frank's Place (http://dreamwater.net/tech/frankscomp/)
My site has moved, please update your link

I too would go the SSL route. You will need to either buy a certificate from a company like Verisign or run you own certificate server in order to use SSL.


If you do give your users the option of "Email" just remember that email is very unsecure unless it's encrypted. So, you'll want to included a warning stating that and possibly give them the option to send or not send encrypted email.


Good Luck http://www.PCGuide.com/ubb/smile.gif

Hiya all,
Thanks for all the great replies, I am going to do as you suggest, and am going to advise them of the risks involved, and the proper and recommended solution to overcome the security problem..

thanks again http://www.PCGuide.com/ubb/smile.gif