jonnyo

I am building an application that is for holding my clients customer data and I have some questions regarding security. I realize that I have to get a security certificate so that is not the question. I am authenticating data before being sent into the server and the only form of submission is using javascript after everything has been validated. So, I believe on the input side of things that I am ok. I do have some questions regarding storing that data, and data structure. 1. I wonder though, since not all devices support security certs, if I should implement an encryption with javascript on the client end first. So at least the data in transit is not easily readable? 2. An Ntiered system is not currently in the budget, so I was considering encrypting the client customer data fields in the database. The problem though is that the customer still needs to actively work with the data and the application will need to support joins from perhaps even hundreds or thousands of records per client. While I will not be storing credit cards, the customer information per client information is quite valuable. Any suggestions on security and encryption of data. Also, the way I have set this up thus far is, all client customers in one table with joins. Should this perhaps be done differently? Thankyou