There is the transaction/filling out of information and how it is sent.
Then there is the issue of how and what is stored.
Then there is the issue of how and what is pulled back out and what is
done with it.
Then there is the issue of what system maintenance or backups
replicate the data.
Then there is the issue of what other systems share the same space.

How secure is the db box (and lan) that the data will be stored on?
Does the CF server that gets the information have write-only access to
that db, or can it also read (and potentially display?)
What admin/reporting features are you going to put into place to
retrieve the data? How secure are they? Can the reporting
pages/reports be cached onto non-secure client boxes?  Can the
information be printed to a printer? Can it be copied or sent via
email? How is it retained?

The same questions that would need to be answered if they wanted to
implement a fax-in loan application (where do they store the paper,
who can access it, is it locked up, how do you destroy it, etc).


On 10/13/05, Ray Champagne <[EMAIL PROTECTED]> wrote:
> We have a potential customer that is a bank (a small local one).  They
> want to be able to have people fill out a loan application online, but
> are worried about security, etc.  Other than using a secure certificate
> and SQL Server, are there any other considerations I should give to
> security?  Sorry this is such a broad question, but I really don't know
> any other things I should be worrying about.
>
> Here's a list that I've thought out, but this is all really elementary stuff:
>
> Use cfqueryparam always
> Use POST vs GET
> Use SQL Server
> Use SSL
> Only allow retrieval of data via the web site, not send any info in emails
> ???
>
>
>
> 

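Added example, not part of either message: one way to set up the write-only database access for the CF server that the reply asks about, in T-SQL for SQL Server. Every table, role and user name is hypothetical, and `ALTER ROLE ... ADD MEMBER` assumes SQL Server 2012 or later; run it in a scratch database.

```sql
-- Constructed sample table standing in for the loan application store.
CREATE TABLE dbo.LoanApplication (
    ApplicationId INT IDENTITY(1,1) PRIMARY KEY,
    ApplicantName NVARCHAR(200) NOT NULL,
    AmountRequested DECIMAL(12,2) NOT NULL,
    SubmittedAt DATETIME NOT NULL DEFAULT (GETDATE())
);
GO

-- One role per tier, so the web-facing account and the reporting
-- account never share permissions.
CREATE ROLE web_intake;
CREATE ROLE loan_reporting;
GO

-- Web tier (the CF datasource): may add applications only.
-- The explicit DENY wins even if the account is later added to a
-- broader role such as db_datareader by mistake.
GRANT INSERT ON OBJECT::dbo.LoanApplication TO web_intake;
DENY SELECT, UPDATE, DELETE ON OBJECT::dbo.LoanApplication TO web_intake;

-- Reporting tier: may read, may not change what applicants submitted.
GRANT SELECT ON OBJECT::dbo.LoanApplication TO loan_reporting;
DENY INSERT, UPDATE, DELETE ON OBJECT::dbo.LoanApplication TO loan_reporting;
GO

-- Hypothetical users. WITHOUT LOGIN keeps the example self-contained;
-- in a real deployment each user maps to its own server login.
CREATE USER cf_web_writer WITHOUT LOGIN;
CREATE USER loan_officer_reports WITHOUT LOGIN;
ALTER ROLE web_intake ADD MEMBER cf_web_writer;
ALTER ROLE loan_reporting ADD MEMBER loan_officer_reports;
GO

-- Check the effective permissions while impersonating the web account.
EXECUTE AS USER = 'cf_web_writer';
SELECT
    HAS_PERMS_BY_NAME('dbo.LoanApplication', 'OBJECT', 'INSERT') AS can_insert,
    HAS_PERMS_BY_NAME('dbo.LoanApplication', 'OBJECT', 'SELECT') AS can_select,
    HAS_PERMS_BY_NAME('dbo.LoanApplication', 'OBJECT', 'DELETE') AS can_delete;
REVERT;
GO
```

With this split, a compromise of the web tier's datasource credentials allows new rows to be written but does not expose the applications already stored.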
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220939