Post Subject: Is there a simple way to encrypt form data before submi
Posted on: Jun 6, 2008
I remember faceless showed me something, but I cannot remember exactly what it was.
Basically I want to do this:
<form action="something.php" method="post">
<input type="text" />
<input type="submit" />
</form>
I want the data to be secure as it goes from the person filling out the form to the server. PHP on the server should be able to decrypt the data and do something with it (throw it in a database).
Does the enctype property of form let me do this (I cannot find a good description of what it actually does)? Do I need to do anything else?
Friend's kid: Mommy, what's church?
Mommy: Church is where people go to learn about God.
kid: Who's God? Does he teach karate?
The quickest way to do this is to use SSL. This doesn't encrypt the info specifically, but encrypts the port it's being transferred over.
The enctype, as far as I know, is more specific to what type of information you're sending; for example, for text you'd use enctype="text/html", and files use another that I'd have to look up. You can do an onSubmit action for the form to call a JS function that you run your own encryption on. Hashing it is the most secure way of transmitting it, but that's not made to be unencrypted. So unless you can use SSL, I'd recommend coming up with your own little form of encryption.
If con is the opposite of pro, is Congress the opposite of progress?
If you do the JavaScript side, you'll need to hide the JS in a secure directory since it'll be available to the client side still. You can also AJAX the encryption info; it's a little more secure, but not by much.
SSL is used when you use https:// as the protocol, right?
Somewhere I read that https:// only secures the data going from the server to the client. (I cannot find it now.)
I wasn't sure whether or not it's true, especially because it seems like it would defeat half the purpose of the security.
I believe it goes both ways. If your server doesn't already have that, it'll probably be a bit of work to set up, since for SSL you have to make some edits to the Apache config file and I think things need to be restarted.
Other than SSL, I think you'll have to whip up your own JS and/or AJAX encryption that you can just decrypt on the server end. But it's still pretty insecure to keep things on the client side, though a bit more work for hackers than zero encryption.
I don't know what kinda info you're transmitting, but if it's credit cards or anything along those lines, I'd also check to see if they require any minimum security methods be put into place. Especially on the receiving end of the form, make sure that it can't be exploited from other sites, that it confirms your submission form is sending the information, and if they require your certificates to be authorized by any specific groups, because technically anyone with Windows Server 2003 (I think that's the earliest one) can generate their own SSL certs.
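An added example, not code from any poster in this thread: one way something.php could serve and receive the form so that the data only travels over https://, the POST is confirmed to come from the site's own form, and the value goes into a database. The field names `message` and `csrf_token`, the table `submissions`, the database credentials, and TLS being terminated directly by Apache (so that `$_SERVER['HTTPS']` is set) are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example (not from the thread). Assumed names: fields "message" and
// "csrf_token", table "submissions", and the placeholder PDO DSN/credentials.

// TLS is handled by the web server (assumed: Apache mod_ssl sets HTTPS=on).
// A plaintext POST has already crossed the network, so refuse it instead of redirecting.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit('Submit this form over https:// only.');
}

// The session cookie is only sent over TLS and is not readable from script.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Confirm the POST came from our own form by comparing the per-session token.
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !isset($_SESSION['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(400);
        exit('Invalid form token.');
    }
    $message = $_POST['message'] ?? '';
    if (!is_string($message) || $message === '' || strlen($message) > 1000) {
        http_response_code(422);
        exit('Message must be 1-1000 bytes.');
    }
    // A prepared statement keeps the submitted value out of the SQL text.
    $pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4',
        'app_user', 'app_password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->prepare('INSERT INTO submissions (message) VALUES (?)')->execute([$message]);
    exit('Saved.');
}

// GET: issue a fresh token and render the form; the relative action keeps the https:// scheme.
$_SESSION['csrf_token'] = bin2hex(random_bytes(32));
?>
<form action="something.php" method="post">
<input type="text" name="message" />
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>" />
<input type="submit" />
</form>
```

The array form of `session_set_cookie_params` needs PHP 7.3 or later, and behind a reverse proxy the HTTPS check has to read whatever header that proxy sets instead.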