Encrypting Data....Some Help Please 1

[coldfused]

Guys I am doing a website for a little league team. Come to find out you can not just use a regular form. Data has to be encrypted or the "little league" name can not be used for the site.

Now I looked into doing this with PGP, which was a little confusing because I have never done that before, but I could probably fogure it out. Unfortunately the host for the little league domain does not offer pgp as a option, as it needs to be installed on the root directory of the server it self. Plus ssl and digital certificate which they can not aford at this time.

So are there any other options I have? Maybe a cgi script, or a javascript that protects the data from being interupted between the form and the reciepient?

Any ideas would be appreciated.

http://www.orlandomediasolutions.com

 

[DeZiner]

Ask your host for shared SSL. This is an affordable alternative generally about $10 USD / month. This keeps the site secure.

DeZiner
Never be afraid to try something new.
Remember that amateurs built the Ark.
Professionals built the Titanic

 

[Wullie]

Hi mate,

What type of data are we talking about here?

As long as this isn't credit card details etc, why not just store the info in a database and give them access through an admin panel?

Hope this helps

Wullie

http://www.necomputers.org.uk

http://www.freshlookdesign.co.uk

http://www.freshlookdesign.com

http://www.whiland.co.uk

The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell

 

[coldfused]

That's a great idea wullie, as long as the information is not passed from the server to a email client on someone's machine there should be no problems.

Nothing to protect except the folders that the database is stored in.

Will run it by them and see what they say.

http://www.orlandomediasolutions.com

 

[stormbind]

(Note: I am not a security expert. I know a little about encryption algorythms.)

That's odd. This forum was added to my Threadminder but I have never been here before! :-?

Hello again Wullie!

Wullie's idea is good for controlling the release of data but I would like to clarify the scenario because I didn't understand..

QUOTE: Data has to be encrypted or the "little league" name can not be used for the site.

1. Why does the data have to be encrypted?

(i.e. Who is sending data, who is recieving data and who isn't allowed to view the data?)

2. What kind of cypher strength are we talking about?

3. Is their some regulation that says you cannot be associated with "little league" without protecting members' privacy or something like that?

-- You see, I probably didn't understand the scenario

Ussually, the real problem is not encrypting data - but it is stopping others from decrypting it!

To the best of my knowledge, when sending a password to a forum there is no protection until it reaches the server. The server encrypts the password and compares the value to a stored value - this stops administrators from viewing their members' passwords and makes stealing the database of passwords pretty pointless.

That would be considered "a reasonable attempt to protect your members' privacy" but I am probably flying off at a tangent here