Security Suggestions

[hostfreak]

I am just wondering the bare minimum security steps that should be taken to prevent the numerous security issues involving a php/mysql system. I am aware of the basics/more advance etc, but the system I am making will be handling ssn #'s, license numbers etc. So I know I need to look into ssl? Any resources to more information on that would be grateful. The system will only be accessible to authorized users, so I don't think user input besides the login is much of a concern security wise. I will be using sessions, cookies etc. I know this is such a broad question, I am not really looking for anything specific. Just advice concerning the issue of security I guess. More so for a system that handles ssn #'s etc. Any advice, resources etc are greatly appreciated. Thanks in advance.

[Caesar]

Definitely use SSL. And I believe you would also need to look into Federal Laws and liablity when dealing with SSN's.....

Create an encryption method using keywords that you define as part of the encryption, before storing them in the database. Then reverse this process when retrieving them. Write the encryption class in it's own file and use something like Zend encoder to encode that file. :-)

[hostfreak]

Thanks so far. I will look into the laws around here. Do you know of any good resources for ssl? Isn't is possible to make your own ssl cert. instead of buying one?

[hostfreak]

Sorry to bump this thread, but I was wondering if anyone else had any other suggestions? That and the board seems to be going a little slow right now (not many new threads) :) so figured might as well bring this back up.