Form security - The best way

Status
Not open for further replies.

mears

Technical User
May 21, 2004
10
GB
Hi all,

I am designing a site for a holiday home and would like to place a form that gathers the required info, i.e. dates required, name, email address etc. I can do this via the post method no problem but I am concerned about the security of the info in the form.
Am I legally bound to protect this information transfer? It is name, address and contact details info and not credit card numbers or anything financial.
What is the best way to do this? I am proficient in HTML but not PHP or ASP.

Any helpful suggestions would be gratefully received.

Mears
 
Legal requirements would depend on what country you're in. If it's the UK, the Data Protection Act requires you to safeguard any personal data you collect.

However, I don't think you'd need to do anything special when collecting simple contact details - just look after the data once you've got it. Looking around, I don't see many sites using SSL to protect simple contact/subscription forms.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd
 
For data storage and collection in the UK there is a digest of the Data Protection Act here:


Probably need to read it carefully - non-compliance can be costly!

________________________________________________________________
If you want to get the best response to a question, please check out FAQ222-2244 first.
'If we're supposed to work in Hex, why have we only got A fingers?'
Drive a Steam Roller
 
Collecting data which a customer willingly supplies is simply a matter of storing it in such a way that it is not directly accessible to unauthorised persons.

If a marketing company is intent on gathering address information, there are much simpler ways of obtaining it than intercepting web traffic.

A lot depends on what you intend to do with the data once you have it.
Passing it to 3rd parties is a definite no-no.

If you intend to use it for your own marketing purposes then you must include an opt out from receiving further correspondence.

Keith
 
Am I legally bound to protect this information transfer
As you have described the data - no. You are not legally bound to protect the transfer of the information (from their browser screen to you).

There is a difference between storing and transferring, however. As you have heard, in the UK there are legal requirements about the storage of personal data.

Anyway, if it's a toss between using GET or POST in your form, then use POST (semantically it's correct).

Jeff


Jeff's Page @ Code Couch
 
Many thanks for all the advice.

I now know which route to follow,

Cheers,

Mears

 