Jump to content

Forms

labrador2005

By labrador2005
in HTML/XHTML

 Share

Recommended Posts

real_illusions Dedicated Member

real_illusions

Posted
Posted

you need a secure server pagei'm also looking into this for my website for payments and stuff.basically, you need to make the oage https:// instead of the normal http://and some other stuff that i cant remember. Best to phone up the server where your site is hosted and ask them as they'll know the ins and outs and stuff of a secure page on their server. Thats what i'm going to do anyway.There might be a universal way of doing this but i dont know of it as like i said before, i'm also looking into this and learning how to do it.hope that helps:)

Link to comment
Share on other sites
Skemcin Devoted Member

Skemcin

Posted
Posted

having your page load in an SSL will only send the information collected from the client to the server in an encrypted format. if your application is programmed to take that information and then send it in an email - then no encryption takes place. So SSL doesn't resolve your entire issue.I've built a tool in Cold Fusion that I've used many times for many clients. Basically, a form (loaded in an SSL) page collects information. My action page then runs the various fields of imformation through one of the encrypting functions that Cold Fusion offers. Then, take the encrypted content and send that to the intended recipient. If it gets intercepted, there would be nothing the person could do. Lastly, I built a form on our server that decrypts the content. So, the recipient copies and pastes the email's contents into this page (again loaded in SSL) and when submitted the original information is discovered. The decryption tool is tucked behind the firewall and is protected with a server level login.

Link to comment
Share on other sites
aspnetguy Sacred Member

aspnetguy

Posted
Posted

wow sounds awesome...is sending data that needs to encryted through email a common thing?I would have though it would be better to encryt it, save it to the DB then extract it with a form (sort of a encryted PM system). That way no emails are sent and they can't be intercepted.

Link to comment
Share on other sites
Skemcin Devoted Member

Skemcin

Posted
Posted

yeah, that would be the ideal way. but the I was asked to build it without the DB is because all the information neded to be confirmed by a human before having it inserted it into the DB. As much as I argued that the data should be inserted and then flagged as not "confirmed" the company insisted that the data be delivered via email first, and then that person would enter the data into the system if needed. I know, I know, I made point after point, mainly focussing on human error on the re-entry - but they still insisted. At the time, I was contracted and getting paid by the hour - - so I argued for as long as I could and then ultimately programmed it they way they wanted.:)[edit] if anyone is interested, I can take some time to post it on my site for you to try out.

Link to comment
Share on other sites
labrador2005 Newbie

labrador2005

Posted
  • Author
Posted
you need a secure server pagei'm also looking into this for my website for payments and stuff.basically, you need to make the oage https:// instead of the normal http://and some other stuff that i cant remember. Best to phone up the server where your site is hosted and ask them as they'll know the ins and outs and stuff of a secure page on their server. Thats what i'm going to do anyway.There might be a universal way of doing this but i dont know of it as like i said before, i'm also looking into this and learning how to do it.hope that helps:)

Hi ,thanks for the advice. I had no idea how to handle this ...Although I have never heard of "oage https" I will look into it on the w3schools-site!I just recently started with building webpages. It is a real challenge but fun to do!I wish you a lot of succes finding the answer on a universal way of doing this!
Link to comment
Share on other sites
labrador2005 Newbie

labrador2005

Posted
  • Author
Posted
yeah, that would be the ideal way.  but the I was asked to build it without the DB is because all the information neded to be confirmed by a human before having it inserted it into the DB.  As much as I argued that the data should be inserted and then flagged as not "confirmed" the company insisted that the data be delivered via email first, and then that person would enter the data into the system if needed.  I know, I know, I made point after point, mainly focussing on human error on the re-entry - but they still insisted.  At the time, I was contracted and getting paid by the hour - - so I argued for as long as I could and then ultimately programmed it they way they wanted.:)[edit] if anyone is interested, I can take some time to post it on my site for you to try out.

Thanks Skemcin for youre reply!I have to be honest :( I do not quite understand the meaning of it all. I just started building websites and do not yet have understanding of al the ins and outs. So you are way ahead of me....but still it is useful. At least I know now there is no easy way to handle this in the html-page itself by a script or something like that......I am surprised though because a lot of information is send by forms so I wonder if there aren't any others who have the same question on encoding and stuff..... :)
Link to comment
Share on other sites
labrador2005 Newbie

labrador2005

Posted
  • Author
Posted
wow sounds awesome...is sending data that needs to encryted through email a common thing?I would have though it would be better to encryt it, save it to the DB then extract it with a form (sort of a encryted PM system). That way no emails are sent and they can't be intercepted.

Hi Aspnetguy,I am building a website with a form included. When I pushe the "send-email" button after filling in the form, a message appear that the information I am going to send isn't secured and can be viewed by others on the web the same goes for my emailadres. That is why I wondered how to make sure the information is encoded and not readable for others on the web.I have to be honest I do not understand what you mean by save it to the DB etc.Could you please explain :)
Link to comment
Share on other sites
Skemcin Devoted Member

Skemcin

Posted
Posted

He is suggesting that the information you collect in the web form shuld be saved into a database. Then, a page would be programmed to send the information out through an e-mail.The reason you get the message you mentioned is because the web browser is trying to take the information from the form and copy-n-paste it into the person email program. So the browser feels responsible for letting you know that this is not the best way of sending data.BTW, here is my tool I mentioned earlier:http://www.iribbit.net/_tools/decrypt/email.cfm

Link to comment
Share on other sites
labrador2005 Newbie

labrador2005

Posted
  • Author
Posted
He is suggesting that the information you collect in the web form shuld be saved into a database.  Then, a page would be programmed to send the information out through an e-mail.The reason you get the message you mentioned is because the web browser is trying to take the information from the form and copy-n-paste it into the person email program.  So the browser feels responsible for letting you know that this is not the best way of sending data.BTW, here is my tool I mentioned earlier:http://www.iribbit.net/_tools/decrypt/email.cfm

Thanks again Skemcin! That's very helpfull. I will check out the link and work on understanding how to save info into a DB etc.have a nice day :)
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...