PDA

View Full Version : How to Secure forms?


ramandeep
11-11-2005, 02:32 PM
Hello friends.
If a web form which accepts credit card details is placed in HTTPS,do you consider it secure?
If not
What is the cheapest & best way to secure a transaction where CC details are bieng passed on from form to email.

davidj
11-11-2005, 02:38 PM
in my opinion the banks cant be wrong

i think it is the safest way to secure data (thats what it was invented for)
there is different encrypt methods so that depends on what your after.
go for the highest encrypt @ 128 over https (ssl) its slower but thats the hit yo take.

bkendall
11-11-2005, 04:43 PM
when you say cheapest, are you meaning free or just time wise? Normally you will need an SSL certificate and I don't remember what they are cahrging for that but I am sure I could find out. I think several companies offer those now.

Creative Insanity
11-11-2005, 06:20 PM
Yeah I agree with dj.. banks cannot be wrong as they have so much to protect.
As for SSL, you can add that to your server yourself. Just ask your hoster.
Liniux Apache 2.0.50 somes with it by default.

ramandeep
11-11-2005, 10:16 PM
Thanx friends,
So you also say Shared SSL is secured!
I have being using it in cases where we process credit card details for clients .

but i had a question that if its secure than why does the need rise to use secure certificates.
Is there just the encryption method difference or ?

Creative Insanity
11-12-2005, 12:06 AM
You don't need certs if your https and ssl is setup correctly to start a encrypted session for each connection.
The way that a bank uses them from what I understand is when you login to your account this starts an encrypted session for your login name and once you log out the session is dropped. This is why on bank websites they are strong about logging out as a session could be picked up if it is not deleted.
If you do not logout they can take up to 20 minutes for the session to reset.

ramandeep
11-12-2005, 09:59 AM
Thanx Mate,Cheers!