On 9/28/07, George Linderman <[EMAIL PROTECTED]> wrote:
> Thirdly, the security of transmitting data. I understand this massive
> security risk, just that I'm not sure where to even start getting SSL...or
> even what that really entails. As far as I understand it, it's a certificate
> saying that the data is being transmitted securely, which I'd expect it
> means it's encrypted. But, how can you use the encrypt() function, without
> sending the data to a processing page for encryption? This is obviously a
> problem...because the data would be intercepted before going to the action
> page, and the entire encryption system would be pointless.

This is usually accomplished by using HTTPS connections on the web server instead of HTTP connections. HTTPS uses SSL to create a secure, encrypted connection between the web browser and the web server. Look through your web server's documentation to see how to set this up; it's very different server to server. The common thread is that you'll need an SSL Certificate. I'm pretty sure hostmysite has a discount program through an SSL certificate provider and can walk you through installing it on their servers.

The point of encrypting the data on the server side is so if someone were to hack your database upload (not as hard as you might think as you're probably using ftp as hostmysite and all the passwords in FTP as clear text) and steal the database, it would be difficult to read anything in it if the data is encrypted. Of course encryption means you have to have a key and the key has to be stored somewhere, probably on the disk with the encrypted data, which means it's vulnerable.

For passwords, I like to use hashing with a salt, rather than encryption. See http://blog.maestropublishing.com/index.cfm?mode=entry&entry=449950B9-955F-B7CC-5DC0A6906F8999B4 and http://www.petefreitag.com/item/270.cfm. Use one of the SHA hash methodologies, not MD5 (MD5 has been reliably cracked).

/hofo

--
Howard Fore, [EMAIL PROTECTED]
"In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing." - Theodore Roosevelt

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:289721

