I've created a website that contains a couple of forms and one of them will be sending sensitive information (billing details).
How can I use some sort of encryption to make that relatively secure?
For example, like Yahoo! does (or did?): instead of sending the password as is, they calculate its MD5 checksum and send only that to the server. Although this alone does not help at all. Probably there is a random challenge text which is added to the password before the checksum calculation.
But the secure way is to not use encryption yourself, but let the browser and server do the job. Just use SSL and do the communication through https://.
Well, I'm not sure if this is what I'm looking for. I don't want anyone to log in or anything like that. All there is is a form that generates an email and sends it over to the Admin person. That email contains confidential data so I'd like to protect it from being easily intercepted.
If I could use SSL for it - can it be easily done and how can I do it?
Email is as secure as sending your credit details & PIN number to someone on a postcard!
Don't do it!
There are many ways to encrypt an email, but the receiver needs to have the same relevant software to decode it.
Also if you are collecting this kind of personal data via a web form you MUST under the Data Protection Act 1984/1998 use all necessary means to protect that data.
Sending this via a web form not sitting on SSL breaches those requirements.
If you put the form on SSL and the received form is sent via email "internally", you might get away with it, but if that email leaves the company network in any way, shape or form, you need to encrypt both the form and the email.
"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."
"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"
"you need to encrypt both the form and the email."
This is exactly what I'd like to do, the question is how? Is it relatively easy? Could someone direct me to some articles on how to do it?
I didn't intend to send those details in a basic email, but do you think it's still insecure even if the email is encrypted?
Where can I learn about this sort of stuff? I've tried the w3 but couldn't find much on there.
To encrypt the form it needs to be submitted via the form action to an 'https' URL where the server has an SSL certificate installed.
It is also good practice to place the form on the https URL so those filling in the form can see it is secure (you get the padlock in the browser).
Of course, just because it shows the padlock in the browser, if you did not submit it to an https URL it would not be secure, so always do both!
Email I'm not sure with, but the best place to ask this would be in either the email forum or the forum relevant to the server-side language you are using, e.g. ASP, PHP, Perl, etc.
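The "always do both" check from the post above, as an added example (not code from this thread): it parses a page, resolves each form's action against the page URL, and reports whether both the page and the submission target use https. The host name and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collects the raw action attribute of every <form>, plus any <base href>."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and self.base_href is None and attrs.get("href"):
            self.base_href = attrs["href"]
        elif tag == "form":
            # A missing or empty action submits back to the page's own URL.
            self.actions.append(attrs.get("action") or "")


def audit_forms(page_url, html):
    """Return one finding per form: where it submits and whether both hops use https."""
    collector = FormCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base_href or "")
    page_secure = urlsplit(page_url).scheme == "https"
    findings = []
    for action in collector.actions:
        target = urljoin(base, action)  # relative actions inherit the page's scheme
        submit_secure = urlsplit(target).scheme == "https"
        findings.append({"target": target, "page_https": page_secure,
                         "submit_https": submit_secure,
                         "ok": page_secure and submit_secure})
    return findings


# Constructed sample page (hypothetical host name).
SAMPLE = """
<form action="/billing/send"><input name="card"></form>
<form action="http://www.example.com/billing/send"><input name="card"></form>
<form><input name="card"></form>
"""

if __name__ == "__main__":
    for url in ("https://www.example.com/order", "http://www.example.com/order"):
        for f in audit_forms(url, SAMPLE):
            print(url, "->", f["target"], "OK" if f["ok"] else "NOT SECURE")
```

The second sample form is the case the post warns about: the page shows the padlock, but the data is posted to a plain http URL.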