Please direct me to the right place or answer these questions directly if you can as I'm a bit lost on where else to look. Thank you in advance for your help!
-- John Carrell 1002 B W. Pine St. Missoula, MT, 59802 630 650 5157
Hello. I'm new to web development though I've been experimenting with
computer programming since I was young. I have some questions
regarding security standards for a site I'm creating now. The site is
for an eye doctor's practice. Most of it is just the usual information
and pictures but we decided to add the functionality of an online
medical history form.. Patients can go to the website and fill out
their medical history for the office staff to retrieve. The patients
don't have to "log in," they simply fill out the form and it's gone.
They cannot access it to modify to it. The office staff can then
retrieve the information, delete it and print it. The site is SSL
secured and has a redirect to the HTTPS protocol. I'm wondering, as
I'm sure there are legal ramifications for both the doctor and I to
make sure that this data is secure (it does include the patient's SS
#). In addition to the Secure Socket Layer what other security am I
expected to enforce to keep this site up to the current standards? Are
there guidelines for the administrative password to keep someone from
being able to access that portion of the site. Is it necessary to
encrypt the sensitive information when it's stored in the database?
I've also heard about hackers being able to submit forms and trick the
SQL query to return other information and do undesired things. How can
I prevent this? I feel certain that someone has set a standard that we
can stand by if a legal matter came up regarding the security of our
site, not to mention having this would encourage our users to feel
safe entering their data.
- Database/SSL Security John Carrell
- Re: Database/SSL Security Joseph Becher
- Re: Database/SSL Security Ian Jacobs
