PDA

View Full Version : SSL



macdj
08-07-2003, 10:02 PM
Hi. I need to collect personal information from some of my customers. So, I need to use SSL. I have read about getting the certificate or sharing westhost's certificate. However, right now I am most familiar with collecting customer information using formmail. The data is just emailed to me from the HTML form. Will SSL protect the data in this situation? Or will I need to implement a database for data storage and retrieval to get SSL protection for the data?

Thanks!

Tyger
08-08-2003, 12:19 AM
Another observation about SSL.... it looks like the "value" package has full SSL now. Does that mean I can use the Miva payment options that require security with the value package?

WestHost - BErickson
08-08-2003, 01:39 AM
Tyger,

Yes. With the value package you have full SSL capabilities.

Hope this helps,

torrin
08-08-2003, 07:45 AM
Will SSL protect the data in this situation? Or will I need to implement a database for data storage and retrieval to get SSL protection for the data?

I depends on how you implement it. If you do SSL with formmail, SSL will protect the data until it gets to the server. After that formmail will send it to you in clear text.

I'd say, save it on the server somewhere and just retrieve it later using ssh or scp. Of course, while it's on the server, it will be sitting there in clear text just waiting for a hacker, but that's the worst case.

Anybody at westhost want to weight in?

Boatdesigner
08-22-2003, 08:12 AM
I have the same question/problem. Is it possible to have the formmail forwarded to your email address and then unencrypt it on my machine in my office? Does this require having my own certificate? Thanks!

gbanse
09-04-2003, 12:27 PM
Anytime you use email you're leaving yourself exposed. You can 'wrap' your email in a protective wrapper using something like PGP http://www.pgp.net/pgpnet/email-help-en.html. I personally prefer to use a custom built Admin interface wrapped up in SSL.

mindseye
09-09-2003, 09:39 AM
I have a site that was set up on 1.0 on a secure server in a way that allowed me to still connect to MySQL. WH had to do some wierd stuff to make everything work becuase the regular shared SSL could not use PHP or MySQL. They did what they called 'zapping' the account so that it just ended up completely on a secure server (I think).

When I heard about 2.0, I questioned them about this to make sure that the SSL would still be available, as well as the ability to use MySQL and SSL together. No one really understood what I was asking, but they made it sound like it would work with no problem.

Since the site was 2.0-ified the secure server no longer works, and I have no idea how to even upgrade to get it back.

Any ideas?

justme
09-09-2003, 04:52 PM
mindseye

You might want to repost this in the General Discussion forum under WH2.0 ... the techs seem to be watching that forum fairly closely.
http://forums.westhost.com/phpBB2/viewforum.php?f=5