Secure Site Form and saving data?

  • Thread starter Thread starter Mr B
  • Start date Start date
M

Mr B

We have a form on our website that collects Credit Card information. We need this form to be
accessed from our secure site HTTPS://.....

What are my options for submitting the form so that it stays secure? I think if I use the EMAIL
results that it's technically considered not secure because it uses email. So do I have to save it
to a file instead? And if so, does it matter what file I use and where the file is put?

I don't know how the whole Secure site stuff works in the backside.

Thanks.
 
Mr B said:
We have a form on our website that collects Credit Card information. We need this form to be
accessed from our secure site HTTPS://.....

What are my options for submitting the form so that it stays secure? I think if I use the EMAIL
results that it's technically considered not secure because it uses email. So do I have to save it
to a file instead? And if so, does it matter what file I use and where the file is put?

I don't know how the whole Secure site stuff works in the backside.

Thanks.
Click to expand...

Yes it matters. Good call not sending CC info via email.

Though when you save the file to the web, you have a number of other
risks.... people may be able to view the file with just a browser, your host
will have access to the file, and then you have to download the file to view
it anyway....

Your best bet would be not to try to do that sort of stuff on the cheap and
get a real web store-front management package to run your site.

Taking dumb risks with your customers credit cards is not cool.
 
And the question/issue is?

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================
 
Did you not see the original post or did you not understand the question?

Here's the original if you missed it...


We have a form on our website that collects Credit Card information. We need this form to be
accessed from our secure site HTTPS://.....

What are my options for submitting the form so that it stays secure? I think if I use the EMAIL
results that it's technically considered not secure because it uses email. So do I have to save it
to a file instead? And if so, does it matter what file I use and where the file is put?

I don't know how the whole Secure site stuff works in the backside.

Thanks.
 
We have a store front end already but this item isn't one we can use easily in the store so we are
doing it manually. I think we have a workaround in place but in case that doesn't work, I'm just
looking to see the best way to handle thsi in FP.

Once we get the data out of the file we'd delete it so it wouldn't be on the site for more than a
day or so. And it'd get put in the Private folder which theoretically would mean you'd need to be
able to log into the website to get at it...
 
I don't keep read messages.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================


Mr B said:
Did you not see the original post or did you not understand the question?

Here's the original if you missed it...


We have a form on our website that collects Credit Card information. We need this form to be
accessed from our secure site HTTPS://.....

What are my options for submitting the form so that it stays secure? I think if I use the EMAIL
results that it's technically considered not secure because it uses email. So do I have to save it
to a file instead? And if so, does it matter what file I use and where the file is put?

I don't know how the whole Secure site stuff works in the backside.

Thanks.
Click to expand...
 
1. To have users access the form, you have to create a absolute URL to the
form. If the form is being processed via the FP Form Handler, then the
extensions must setup on the server to use Port 443 as well.

2. The problem with using the FP Form and storing the data in the _private
folder that it give hacker a directly location to where you are storing this
data. The best option is to have the data stored in a database, that is
stored outside of the web root, meaning that it is no accessible from within
FP, only via FTP. This requires that a application be written in a
server-side scripting language, where you would receive a email each time a
order is processes, then you would login via the application, to access the
order details over https.

3. If you already are using a secure eCommerce application, might be a good
idea to talk with the developer to see if he can work this item into being
process via the cart application.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================


Mr B said:
Did you not see the original post or did you not understand the question?

Here's the original if you missed it...


We have a form on our website that collects Credit Card information. We need this form to be
accessed from our secure site HTTPS://.....

What are my options for submitting the form so that it stays secure? I think if I use the EMAIL
results that it's technically considered not secure because it uses email. So do I have to save it
to a file instead? And if so, does it matter what file I use and where the file is put?

I don't know how the whole Secure site stuff works in the backside.

Thanks.
Click to expand...
 
Back
Top