Web Design Help Forum & Web Development Help Forum
Squeezing all the info out of Web Design and Development!
Welcome Guest!
Please login
If you do not have an account yet on The Web Squeeze forums, please Register! It’s FREE and there are many benefits:
- Receive Fast Advice
- Learn Programming Languages
- Get Professional Website Reviews
- Quick Troubleshooting Assistance
|
|
Security For Forms...
This is a discussion on Security For Forms..., within the Web Development in General section. This forum and the thread "Security For Forms..." are both part of the Programming Your Website category.
  |
| Security For Forms... |
 Sep 17 2008, 09:29 PM
Post
#1
|
|
 Rapid Squeezer  Posts: 205 Joined: 5-June 08 From: South Carolina  |
My client, Peoples Choice, wants 3 forms in their website...3 different quote forms...auto, home, life. The auto form includes drivers license number, social security number, vin numbers, pretty personal info. The home isnt so much as personal i dont think, and then life insurance includes the person social. What do I need to do to make these forms secure? I havnt created them yet. I dont know much code other than html and css. A little php. Not enough i dont think to make anything major. Do I need ssl certificates?
-------------------- CSS is amazing.
|
 |
 
|
|
Sep 17 2008, 10:33 PM
Post
#2
|
|
 Squeeze Machine  Posts: 766 Joined: 13-February 08 From: Catching the squeezed drips downunder. |
SSL would be a good idea when you're dealing with information that, if hijacked, could be used quite easily for identity theft.
The question I would probably ask your client is why they require such information to provide quotes. I'm not sure I speak for everyone but if I was asking for a quote from an online provider and they required my drivers license/passport number social security (tax file in Australia) number or vin number I would probably not bother. The next part to look at would be how the data is handled after the form is submitted. Most quote forms can get away with shooting the details off view email but for this sort of information, you will want to be storing the details either in a database or in some flat files off the web root that can only be accessed by authorised users. An added benefit would be to encode the data prior to sending it (with javascript) before decoding it at the other end -- 128 bit SSL will do this as well but a bit of extra care doesn't hurt. -------------------- |
|
|
|
|
Sep 18 2008, 03:56 AM
Post
#3
|
|
|
Squeeze Machine  Posts: 682 Joined: 15-February 08 From: UK |
QUOTE (Rakuli @ Sep 18 2008, 04:33 AM)  The question I would probably ask your client is why they require such information to provide quotes. I'm not sure I speak for everyone but if I was asking for a quote from an online provider and they required my drivers license/passport number social security (tax file in Australia) number or vin number I would probably not bother. I agree. Don't ask users to fill in unnecessary form fields, especially when the information is personal. Every extra burden on the user corresponds to fewer people submitting. |
|
|
|
|
Sep 18 2008, 06:17 AM
Post
#4
|
|
|
Rapid Squeezer Posts: 205 Joined: 5-June 08 From: South Carolina |
QUOTE (MikeHopley @ Sep 18 2008, 03:56 AM) I agree. Don't ask users to fill in unnecessary form fields, especially when the information is personal. Every extra burden on the user corresponds to fewer people submitting. If you go to sites such as allstate or whatever you are required to enter you social as well. -------------------- CSS is amazing.
|
|
|
|
|
Sep 18 2008, 07:03 AM
Post
#5
|
|
|
Squeeze Machine Posts: 682 Joined: 15-February 08 From: UK |
QUOTE (mv08jml @ Sep 18 2008, 12:17 PM) If you go to sites such as allstate or whatever you are required to enter you social as well. What exactly does that prove? It's not hard to find examples of user-hostile design on the internet.  Of course, it's ultimately up to your client. They may have very good reasons for collecting this information, or they may not. Regardless, it's their decision; and as Rakuli said, you should really be using SSL if you are asking people to submit sensitive data. |
|
|
|
|
Sep 18 2008, 09:01 AM
Post
#6
|
|
|
Rapid Squeezer Posts: 205 Joined: 5-June 08 From: South Carolina |
QUOTE (MikeHopley @ Sep 18 2008, 08:03 AM) What exactly does that prove? It's not hard to find examples of user-hostile design on the internet. Of course, it's ultimately up to your client. They may have very good reasons for collecting this information, or they may not. Regardless, it's their decision; and as Rakuli said, you should really be using SSL if you are asking people to submit sensitive data. That was my question in the first place, I emailed my client and asked them if it was necessary to have that information there...so im waiting for a reply. I told him if it is it will require a ssl certificate and I told him the cost. Would anyone be interested in making these forms for llttle or no cost? Im not good at php and I just want to get this finished. Its been on me since june and I just want to get done. I have exactly what needs to be on the forms I just have to do it. -------------------- CSS is amazing.
|
|
|
|
If you found The Web Squeeze to be helpful, please donate so we can keep this site FREE, FRESH, and fortified with Web Design & Development info!
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies | Topic Starter | Views | Last Action | |||
|---|---|---|---|---|---|---|---|
 |
17 | acrikey | 317 | 3rd April 2008 - 01:21 PM Last post by: acrikey |
|||
 |
4 | Jason | 273 | 23rd April 2008 - 04:20 PM Last post by: Rakuli |
|||
|
7 | unitedcraig | 211 | 27th May 2008 - 07:57 AM Last post by: unitedcraig |
|||
|
16 | mcdanielnc89 | 554 | 9th July 2008 - 08:39 PM Last post by: mcdanielnc89 |
|||
|
 |
14 | mv08jml | 667 | 26th July 2008 - 10:46 AM Last post by: mv08jml |
||