That's an excellent point - thank you Scott -----Original Message----- From: Scott Stewart [mailto:webmas...@sstwebworks.com] Sent: 2010-07-30 11:38 To: cf-talk Subject: Re: sensitive data collection practices with cf
"> b) there is an auto email sent to the client's backoffice where the data is > received - what is a good practice for handling the sensitive data on the > email?" Dont.. set up an admin interface and let them know they have data to attend to. Sending SSN's and TIN's over email is a bad idea. Stick the admin interface behind an SSL cert On Fri, Jul 30, 2010 at 11:24 AM, cfcom <cf...@aceligent.com> wrote: > > Question about collecting sensitive data. > We have a form set up with an ssl cert > On the form there is an tax id number / social security box > The data gets posted to a mysql database > a) do you recommend adding additional encryption to the data when we put it > into the database > b) there is an auto email sent to the client's backoffice where the data is > received - what is a good practice for handling the sensitive data on the > email? > > Thank you > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:335892 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm