Secure forms

[schwooba]

Howdy...I'm still kinda green with PHP/MYSQL but I wanted to get the groups expert opinion.

 

I'm hosting a website with a provider that doesn't allow gnuPGP (because they are trying to sell their own secure forms at an outrageous price). Anyway, what would be the best way to implement a secure form? Initially, I wanted to encrypt the contents using gnuPGP and email to me but...and I'm not comfortable building it from scratch using PHP/MYSQL because I have a feeling it would be to difficult. Are their any good open source programs that I can tweak to fit my needs use like Joomla or Wordpress? The hosting provider does allow mysql. Or am I better off learning it and building it myself?

 

Thanks in advance.

[xtopolis]

Your title is a bit misleading.

 

A form in itself is not secure.  It is a method of retrieving data from a user, end of story.

 

The processes that would make the exchange of data would include(but not limited to):

• Force SSL
  
• Authentication before sending (login as someone)
  

 

Also, you said something about emailing yourself the info, but afaik, that doesn't seem like a very secure way to handle the data, even if you PGP encrypt it..  If you have mysql support, you may as well store it there, and create a secure way for you to view / export it.

 

This very much depends what type of data you are handling... if it's so sensitive you're worried about anyone else reading it.. it might be worth it to pay for a 'guaranteed' secure one.