RE: [wdvltalk] Securing web traffic
SSL is the first bit as long as you make sure that every page that could possibly access the info is forced through the SSL But encrypting the database is out of my area. I had someone else do it on the HPPA (Healthcare Patient Privacy Act) when I did one. Cheryl D Wise MS MVP Expression - Author: Foundations of Microsoft Expression Web Win the full Expression Studio - see contest rules http://forum.by-expression.com/forums/ShowThread.aspx?PostID=1070#1070 Last chance to register forJanuary 12th Expression Web and CSS classes: http://starttoweb.com -Original Message- From: Ross Clutterbuck [mailto:[EMAIL PROTECTED] Sent: Monday, January 14, 2008 11:30 AM To: wdvltalk@lists.wdvl.com Subject: RE: [wdvltalk] Securing web traffic This is what I thought Cheryl, but the main thing I'm after really is pointers on how to do it. Is it just a case of programming my PHP + MySQL app as normal but providing HTTPS addresses to my domain and having an SSL certificate? Is it more complex than that? The WDVL Discussion List from WDVL.COM To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or use the web interface http://e-newsletters.internet.com/discussionlists.html/ Send Your Posts To: wdvltalk@lists.wdvl.com To change subscription settings, add a password or view the web interface: http://intm-dl.sparklist.com/read/?forum=wdvltalk http://www.wdvl.com ___ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
RE: [wdvltalk] Securing web traffic
This is what I thought Cheryl, but the main thing I'm after really is pointers on how to do it. Is it just a case of programming my PHP + MySQL app as normal but providing HTTPS addresses to my domain and having an SSL certificate? Is it more complex than that? MOU The WDVL Discussion List from WDVL.COM To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or use the web interface http://e-newsletters.internet.com/discussionlists.html/ Send Your Posts To: wdvltalk@lists.wdvl.com To change subscription settings, add a password or view the web interface: http://intm-dl.sparklist.com/read/?forum=wdvltalk http://www.wdvl.com ___ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
RE: [wdvltalk] Securing web traffic
I don't know about the UK but in the US if there is any health information whatsoever your security measures must include SSL and encryption of the database. Cheryl D Wise MS MVP Expression - Author: Foundations of Microsoft Expression Web Win the full Expression Studio - see contest rules http://forum.by-expression.com/forums/ShowThread.aspx?PostID=1070#1070 Last chance to register forJanuary 12th Expression Web and CSS classes: http://starttoweb.com -Original Message- From: Ross Clutterbuck There's always something new to learn and this is the first time I've really needed to secure a web session in a client project, and I'm after a few pointers if I may... Fundamentally, the project is an online questionnaire which stores responses in a back-end database. That database can be queried by the client and reports generated. Easy stuff. Now given the nature of the data can be considered sensitive (mental health in the workplace) the client wants this to be as secure as possible. So my questions are twofold: Firstly, shall I just secure the login process and set a session cookie or do I secure the entire session? Secondly, how exactly do I go about it? As far as I gather I don't necessarily need to do anything different in programming but I'll need to run everything through SSL and have the appropriate certificates. Or am I wrong here? Pointers, info and tips please much appreciated as always! The WDVL Discussion List from WDVL.COM To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or use the web interface http://e-newsletters.internet.com/discussionlists.html/ Send Your Posts To: wdvltalk@lists.wdvl.com To change subscription settings, add a password or view the web interface: http://intm-dl.sparklist.com/read/?forum=wdvltalk http://www.wdvl.com ___ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
[wdvltalk] Securing web traffic
Hi list There's always something new to learn and this is the first time I've really needed to secure a web session in a client project, and I'm after a few pointers if I may... Fundamentally, the project is an online questionnaire which stores responses in a back-end database. That database can be queried by the client and reports generated. Easy stuff. Now given the nature of the data can be considered sensitive (mental health in the workplace) the client wants this to be as secure as possible. So my questions are twofold: Firstly, shall I just secure the login process and set a session cookie or do I secure the entire session? Secondly, how exactly do I go about it? As far as I gather I don't necessarily need to do anything different in programming but I'll need to run everything through SSL and have the appropriate certificates. Or am I wrong here? Pointers, info and tips please much appreciated as always! MOU The WDVL Discussion List from WDVL.COM To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] or use the web interface http://e-newsletters.internet.com/discussionlists.html/ Send Your Posts To: wdvltalk@lists.wdvl.com To change subscription settings, add a password or view the web interface: http://intm-dl.sparklist.com/read/?forum=wdvltalk http://www.wdvl.com ___ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.