Microsoft Small Business Specialist
Keller Chamber of Commerce

Grapevine Chamber of Commerce
Securing Web Forms

Understanding the Security of Web Form Data
You're ready to move your web site to the next level, to have it interact with your viewers. You have several areas within your web site that you want to collect information from viewers to turn those viewers into customers. You will need to install an use a VeriSign security certificate to secure data that is entered on the form on the users PC as it is transmitted to the web server. Presuming that your web site is hosted with a web hosting provider, like Tushaus, you will need to secure the data as it is transmitted from the web server to your office. Typically, this information is sent back to you in an E-mail. E-mails are sent over the Internet in clear text format, meaning, the information in that E-mail can be read by someone with ill intent. There are several possible methods of getting this information from the web server to your office securely.

Key Considerations
There are several possible solutions and the appropriate solution depends on your situation. Key consideration to the solution you should pick include: The number of fields and the number of forms that you need to secure.
How the information is routed within your office will determine the best method of receiving this information. If the information is routed to several people or if multiple people or departments need to process the information, then an E-mail routing solution may be more beneficial.
If you need to report on statistical information, a database solution may be more beneficial. You will have the ability to report on the number or requests, the current status or the date closed. Often tracking this information will help to justify expenses for development of the Internet web site.

Solutions
Use PGP Encryption with E-mail. Networks Associates Technology, Inc PGPmail Encryption can be used to encrypt E-mail contents at the server and then decrypt the content at your location.
Use PGP encrypted file with FTP. If you are using a database to store the information, Networks Associates Technology, Inc PGPfile Encryption can be used to encrypt and exported file, which can be FTPed to your location.
Store the information within a secure SQL Server database and retrieve it using your browser over a secure VeriSign link.
Create a dedicated line between your web hosting provider and your office, and funnel all communications over that secure line. Although this may seem to be a rather costly approach from between $200 - $500 per month, it can save on development costs and is the most secure method of transmitting the data.



 





© Copyright 2007 TiffCo, Inc. All Rights Reserved