music_lp90 Posted July 21, 2008

Is there a standard way of handling social security numbers online? If we just have the social security number emailed to us from the form and not stored in a database, is that a safe way to go? Thanks!

Skemcin Posted July 21, 2008

No. E-mail is not secure - even if the form and the action page are processed through an SSL - the email will still travel through a non-secure route.

There are two ways around this:

- database the information into a system the recipient can use (password protected of course) to retrieve it.
- encrypt the contents of the e-mail and build a decryption tool for the recipient to use to expose the information.

I've done both. Obviously there is not much of a challenge with the first. If you do not have a need or do not have access to databasing the information, then encrypting is the best way. All you do is use your server-side scripting language and encrypt the text. When your email is sent, it will be all garbled up. In the footer of the e-mail, remind the recipient that there is a tool [wherever you put it] that they will have to log into, copy-n-paste the text into, and reveal the encrypted content.

I've got this written in ColdFusion should you want a copy of the application - it's pretty portable.

Or, I can spec it out in a little more detail here if you need more clarification on how it works.

JC5 Posted July 21, 2008

I wouldn't mind a copy of that

Skemcin Posted July 21, 2008

> I wouldn't mind a copy of that

Are you familiar with coding in ColdFusion? If not, I'm not sure how valuable the code might be?

JC5 Posted July 21, 2008

I've done ColdFusion before. I know what I would be doing, and if I needed help I have you and the articles here.

music_lp90 Posted July 24, 2008

Thanks for the reply Skemcin. So, would it be a good idea for me to store the information in a database, but also run the social security numbers through a function like this:

    <?php
    function enc($a)
    {
        $a = '1'.$a;
        $soc = $a * 4;
        $soc = $soc + 123054;
        $soc = $soc * 2;
        $soc = $soc + 7890005678;
        return $soc;
    }
    ?>

That way if someone did hack into our database, the numbers would be distorted and they would have to figure out what we were running the numbers through. Of course I could add more calculations into that function to make it more complicated, I guess. I'm trying to combine both of your suggestions into one. Does it make sense to do that? Thanks!

justsomeguy Posted July 24, 2008

It would be easy to crack that if someone had an original and the calculated value; you could just work backwards, since you know what the original is, to figure out the formula. It might take a while, but it could be done. There are cryptographic functions like mcrypt that you can use to encrypt and decrypt things. Those functions take a key that is used in the encryption and decryption; without knowing the key it's pretty difficult to decrypt something.
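
Added example, not part of the original thread and not any poster's code: it puts the arithmetic `enc()` from the post above next to keyed, authenticated encryption, to show the difference justsomeguy describes. mcrypt has since been removed from PHP, so libsodium's `sodium_crypto_secretbox` is swapped in here; `undo_enc`, `encrypt_ssn` and `decrypt_ssn` are hypothetical names and the sample number is constructed.

```php
<?php
// Added illustration, not code from the thread. Assumes 64-bit PHP 7.2+ with sodium.
// The function from the post above, same behaviour: it reduces to 8*x + 7890251786.
function enc($a) {
    $a = '1' . $a;
    $soc = $a * 4;
    $soc = $soc + 123054;
    $soc = $soc * 2;
    $soc = $soc + 7890005678;
    return $soc;
}

// No secret is involved, so the steps are simply undone in reverse order.
function undo_enc($soc) {
    $x = intdiv($soc - 7890005678, 2);
    $x = intdiv($x - 123054, 4);
    return substr((string) $x, 1); // drop the '1' prefix
}

// Keyed, authenticated encryption: the nonce is stored with the ciphertext, the key is not.
function encrypt_ssn(string $ssn, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record
    return base64_encode($nonce . sodium_crypto_secretbox($ssn, $nonce, $key));
}

function decrypt_ssn(string $stored, string $key): string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered data');
    }
    return $plain;
}

$ssn = '000123456';                            // constructed sample (area 000 is never issued)
var_dump(undo_enc(enc($ssn)) === $ssn);        // arithmetic version: recovered with no secret
$key = sodium_crypto_secretbox_keygen();       // assumption: real key is loaded from outside the DB
$stored = encrypt_ssn($ssn, $key);
var_dump(decrypt_ssn($stored, $key) === $ssn); // round trip with the right key
try {
    decrypt_ssn($stored, sodium_crypto_secretbox_keygen()); // a different key
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The encryption only helps against a database compromise if the key is kept somewhere the database dump does not include.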
Archived
This topic is now archived and is closed to further replies.