MockY Posted February 2, 2010

My employer asked if I could change an existing contact form on their website to allow clients to enter their Social Security Number along with the normal contact information if the client decides to do so, instead of going through the motions of physically sending in the form via snail mail, fax, or in person (like it is currently handled). But since this piece of information is of such a delicate nature, I wonder how I should approach this from both a legal standpoint and from a programming standpoint. The form currently sends the information entered by the user to an inbox with mail(), so my initial thought was to somehow encrypt the information, limiting the risk of someone getting hold of this information once the user clicks "Send". But is full-blown SSL really necessary for this? Are there easier options? And what should I think about before enabling this?
teamatomic Posted February 2, 2010

https. Tell your boss that he needs to get a certificate and contact your webhost and tell them you need SSL as you need to secure a form. Should be fairly easy and straightforward all the way around. HTH Teamatomic
MockY Posted February 2, 2010 (Author)

If SSL is the only option I have, then I wonder something else. The company utilizes Google Apps, and all emails are therefore sent directly to Google servers and not the host. How would that work with what I want to do?
teamatomic Posted February 2, 2010

What does email have to do with the form? Surely you don't plan on sending SSNs via email?!? What SSL will do is the browser will encrypt the data sent to the secure form on the https site and it will be unencrypted when it hits the server. Leave email out of the equation. HTH Teamatomic
gizmola Posted February 2, 2010

Here's an approach that could solve the email issue -- use GNU PGP. First you would have to set this up in the email clients for your employer. You would then need to take the public key and copy it to the server (and of course the server would need GNU PGP installed). This blog post explains the details: http://www.pantz.org/software/php/pgpemailwithphp.html

If your employer resists this approach, make sure you explain to them the potential liability they face using the public email system, which sends all email across the internet in unencrypted form, allowing anyone who is able to sniff traffic to read all the email that is transported. For the same reasons, any forms that solicit people to fill out personal and confidential information absolutely must be SSL'd, as stated by Teamatomic. This is for the protection of the clients as well as your company. Sniffing might be hard to pull off for a lot of people, but more and more, as people use wifi and public hotspots, they expose themselves unknowingly to having their personal information sniffed for the same reasons. Paying for and implementing SSL with valid certificates will boost the overall credibility of the business for any business-savvy people.
MockY Posted February 2, 2010 (Author)

So I'm looking at SSL and PGP. I was hoping for something easier. I guess I have to bite the bullet and educate myself about it. So this certificate, should I get it from my host or a third party, and what should I expect to cough up for it?
teamatomic Posted February 2, 2010

SSL is simple. As simple as simple can get. Once you have a certificate and it is installed, which is easy, you use the SSL space for your form. Some hosts will SSL your whole site for you, others will give you a separate space for it. Anyways, the only difference for you is in the action=. https instead of http. HTH Teamatomic
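Changing the form's action= to https is the visible part; the handler should also refuse to process a submission that did not actually arrive over TLS, otherwise a stale bookmark or a mistyped action quietly sends the SSN in cleartext. The following guard is an added example written for this thread, not code from any poster. It assumes TLS terminates at the web server (so PHP sees $_SERVER['HTTPS']); the X-Forwarded-Proto branch is an assumption about a proxy setup and stays off unless that proxy is trusted. FORM_HOST is a placeholder for the site's real hostname.

```php
<?php
// Added example: server-side check that the contact form was submitted over HTTPS.

// Placeholder for the canonical hostname of the site (avoid building redirect
// URLs from the client-supplied Host header).
const FORM_HOST = 'www.example.com';

/**
 * True when the current request was carried over TLS.
 * $_SERVER['HTTPS'] is populated by Apache/nginx+PHP when TLS terminates at
 * the web server itself. Only trust X-Forwarded-Proto when a known proxy
 * terminates TLS in front of PHP and strips that header from clients.
 */
function request_is_https(array $server, bool $trust_forwarded_proto = false): bool
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    if ($trust_forwarded_proto
        && isset($server['HTTP_X_FORWARDED_PROTO'])
        && strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https') {
        return true;
    }
    return false;
}

/**
 * Decide what to do with a request that is not on HTTPS:
 *   'redirect' for a harmless GET (send the visitor to the https URL),
 *   'reject'   for a POST (the fields already travelled in cleartext;
 *              do not process them and do not echo them back),
 *   'ok'       when the request is already on HTTPS.
 */
function https_policy(array $server): string
{
    if (request_is_https($server)) {
        return 'ok';
    }
    return ($server['REQUEST_METHOD'] ?? 'GET') === 'POST' ? 'reject' : 'redirect';
}

switch (https_policy($_SERVER)) {
    case 'redirect':
        header('Location: https://' . FORM_HOST . ($_SERVER['REQUEST_URI'] ?? '/'), true, 301);
        exit;
    case 'reject':
        http_response_code(403);
        exit('This form must be submitted over HTTPS.');
}

// Ask the browser to stay on HTTPS for this host from now on (one year).
header('Strict-Transport-Security: max-age=31536000');

// ... normal form processing continues here, now known to be over TLS ...
```

The rejected-POST branch matters more than the redirect: a 301 on a POST would make browsers resend the body, and the data is already exposed, so the right response is to stop and send nothing onward.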
gizmola Posted February 2, 2010

> So I'm looking at SSL and PGP. I was hoping for something easier. I guess I have to bite the bullet and educate myself about it. So this certificate, should I get it from my host or a third party, and what should I expect to cough up for it?

You'll want to buy a cert from a certificate authority. This is the only way SSL will work seamlessly. You can generate your own certs but they cause messages to pop up and interrupt the flow of the application. They're fine for intranet or internal company applications, but for a business you want to buy one.
mapleleaf Posted February 2, 2010

Hope your boss understands the implications of storing SSNs in a database that can be accessed from the internet. I wouldn't do it without some serious security protocols.
MockY Posted February 22, 2010 (Author)

Thanks for all the answers. I have now successfully bought and implemented a certificate from a certificate authority and have generated a gnupg key pair. It's all smooth sailing so far. However, there is one, hopefully small, issue left. How do I go about using gnupg with mail()? I have read a couple of guides that briefly discuss it, but oddly enough it doesn't seem very common. The guide that is the most helpful is provided by Kelv, but I can't seem to understand it fully. My entire form, or message, is contained in one single variable called $message. One would think that there would be a function to simply encrypt the message, but the guide above is a little too advanced for me without explanations. Any help is greatly appreciated.
MockY Posted February 25, 2010 (Author)

I am exhausted now after all the research and I think I have given up on this idea. So I looked at PEAR for some solutions and I think I found one. I already tested it and it sends the form just fine. However, I am still concerned about security. My company uses Google Apps, and therefore receives and sends all emails via Google servers. So this is the code that I ended up using. I am sending via SSL since Google only allows SSL when using their SMTP servers, but I would like to get some input as to whether this method, along with my certificate, has sufficient security when using a form that processes and sends social security numbers.

    require_once "Mail.php";

    $from = "Sandra Sender <sender@example.com>";
    $to = "Ramona Recipient <recipient@example.com>";
    $subject = "Hi!";
    $body = "Hi,\n\nHow are you?";

    // SMTPS: the connection to the mail server is encrypted (port 465)
    $host = "ssl://mail.example.com";
    $port = "465";
    $username = "smtp_username";
    $password = "smtp_password";

    $headers = array('From' => $from, 'To' => $to, 'Subject' => $subject);

    $smtp = Mail::factory('smtp', array(
        'host' => $host,
        'port' => $port,
        'auth' => true,
        'username' => $username,
        'password' => $password
    ));

    $mail = $smtp->send($to, $headers, $body);

    if (PEAR::isError($mail)) {
        echo("<p>" . $mail->getMessage() . "</p>");
    } else {
        echo("<p>Message successfully sent!</p>");
    }
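The SMTPS connection above only protects the hop from the web server to the mail server; the message body itself is still plaintext in the mailbox and on every later hop, which is the gap gizmola's PGP suggestion and MockY's "how do I use gnupg with mail()" question are both about. The following is an added example written for this thread (not MockY's code, not the pantz.org guide's, and not part of PEAR Mail): it encrypts the single $message variable to the company's OpenPGP public key using the PECL gnupg extension, which is assumed to be installed, with the public key assumed to have been imported and trusted in the web server user's keyring, and then hands only the ASCII-armored ciphertext to PEAR Mail over SMTPS. The fingerprint, SMTP settings and form contents are placeholders or constructed sample values.

```php
<?php
// Added example: OpenPGP-encrypt the form message server-side, then send only the
// ciphertext through PEAR Mail over SMTPS. Fails closed: if encryption is not
// possible, nothing is sent.

require_once 'Mail.php';

// Placeholder: fingerprint of the recipient's public key (see `gpg --fingerprint`).
const RECIPIENT_KEY_FINGERPRINT = '0000000000000000000000000000000000000000';

/**
 * Encrypt $plaintext to the key identified by $fingerprint and return the
 * ASCII-armored ciphertext, or null on any failure. The key must exist in the
 * web server user's keyring and carry enough trust for gpg to use it.
 */
function encrypt_for_recipient(string $plaintext, string $fingerprint): ?string
{
    $gpg = new gnupg();
    $gpg->seterrormode(GNUPG_ERROR_SILENT); // return false instead of raising
    $gpg->setarmor(1);                      // produce -----BEGIN PGP MESSAGE-----
    if (!$gpg->addencryptkey($fingerprint)) {
        return null;                        // key missing or not usable
    }
    $armored = $gpg->encrypt($plaintext);
    return ($armored === false) ? null : $armored;
}

/**
 * Mask an SSN for anything shown on screen or written to a log:
 * only the last four digits survive.
 */
function mask_ssn(string $ssn): string
{
    $digits = preg_replace('/\D/', '', $ssn);
    return (strlen($digits) < 4) ? '***-**-****' : '***-**-' . substr($digits, -4);
}

/**
 * Encrypt $message and send it via SMTPS. Returns true only if the encrypted
 * message was accepted by the SMTP server. $smtp holds host/port/credentials.
 */
function send_encrypted(string $message, array $smtp, string $from, string $to): bool
{
    $ciphertext = encrypt_for_recipient($message, RECIPIENT_KEY_FINGERPRINT);
    if ($ciphertext === null) {
        return false;   // never fall back to sending the clear message
    }
    $headers = [
        'From'         => $from,
        'To'           => $to,
        'Subject'      => 'Encrypted contact form submission', // no PII in headers
        'MIME-Version' => '1.0',
        'Content-Type' => 'text/plain; charset=utf-8',
    ];
    $mailer = Mail::factory('smtp', [
        'host'     => $smtp['host'],    // e.g. "ssl://mail.example.com" (placeholder)
        'port'     => $smtp['port'],    // 465 for SMTPS
        'auth'     => true,
        'username' => $smtp['username'],
        'password' => $smtp['password'],
    ]);
    $result = $mailer->send($to, $headers, $ciphertext);
    return !PEAR::isError($result);
}

// --- usage with constructed sample data (stand-in for the real $_POST fields) ---
$name = 'Jane Doe';
$ssn  = '123-45-6789';   // constructed sample value, not a real SSN
$message = "Name: {$name}\nSSN: {$ssn}\nQuestion: please update my file.\n";

$sent = send_encrypted($message, [
    'host' => 'ssl://mail.example.com', 'port' => 465,
    'username' => 'smtp_username', 'password' => 'smtp_password',
], 'Web Form <webform@example.com>', 'intake@example.com');

// Confirmation page: never echo the full SSN back to the browser.
echo $sent
    ? '<p>Message sent securely for SSN ' . htmlspecialchars(mask_ssn($ssn)) . '.</p>'
    : '<p>Your message could not be sent securely. Please use the paper form.</p>';
```

Because the body is an inline armored PGP message, the recipient's mail client (the one gizmola says holds the matching private key) decrypts it; Google's servers, the web host's mail queue and anyone sniffing later hops see only ciphertext. Note that with this pattern the SSN still exists briefly in the web server's memory and in $_POST, so the handler should not log request bodies or write the raw message to disk.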
theITvideos Posted August 4, 2010

> So I'm looking at SSL and PGP. I was hoping for something easier. I guess I have to bite the bullet and educate myself about it. So this certificate, should I get it from my host or a third party, and what should I expect to cough up for it?

> You'll want to buy a cert from a certificate authority. This is the only way SSL will work seamlessly. You can generate your own certs but they cause messages to pop up and interrupt the flow of the application. They're fine for intranet or internal company applications, but for a business you want to buy one.

Hi gizmola, my company wants me to have an SSL certificate in the admin area of the website. I would like to know how we can get the SSL, and which company is the best. And once we buy the certificate, how do we install it? I know it is some certificate that we get, but how do we get it working on our PHP website? Thanks Gizmola, and looking forward to your reply!