"I'd figure there are more security concerns when you involve the human error factor"
Not only error, but theft as well. I put myself through college working retail at a nationally known retailer, and I had access to every one of our customers' credit card numbers, anytime I wanted. It boggles my mind when people are scared to death to give their SSN or credit card # over the internet, but won't think anything about freely giving their credit card to a broke 16 year old running the cash register.

Mike

-----Original Message-----
From: Ray Champagne [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 13, 2005 1:54 PM
To: CF-Talk
Subject: Re: security suggestions?

Thanks, Jerry, Justin. I'm going to write all this down and make sure I address all these concerns.

Justin, you may be right. Spending thousands of dollars to have a loan app online that may or may not be used seems like a silly waste of money to me. Sometimes new technology isn't always better....although, like Jerry said, it is just as much of a concern when you have a paper version. It just isn't perceived that way, which is weird, because I'd figure there are more security concerns when you involve the human error factor:

"Now where is that Loan App? Hmmm, must have left it in the lunchroom/restaurant/bathroom/"

Jerry Johnson wrote:
> There is the transaction/filling out of information and how it is sent.
> Then there is the issue of how and what is stored.
> Then there is the issue of how and what is pulled back out and what is
> done with it.
> Then there is the issue of what system maintenance or backups
> replicate the data.
> Then there is the issue of what other systems share the same space
>
> How secure is the db box (and lan) that the data will be stored on?
> Does the CF server that gets the information have write-only access to
> that db, or can it also read (and potentially display?)
> What admin/reporting features are you going to put into place to
> retrieve the data? How secure are they? Can the reporting
> pages/reports be cached onto non-secure client boxes? Can the
> information be printed to a printer? Can it be copied or sent via
> email? How is it retained?
>
> The same questions that would need to be answered if they wanted to
> implement a fax-in loan application (where do they store the paper,
> who can access it, is it locked up, how do you destroy it, etc).
>
>
> On 10/13/05, Ray Champagne <[EMAIL PROTECTED]> wrote:
>
>>We have a potential customer that is a bank (a small local one). They
>>want to be able to have people fill out a loan application online, but
>>are worried about security, etc. Other than using a secure certificate
>>and SQL Server, are there any other considerations I should give to
>>security? Sorry this is such a broad question, but I really don't know
>>any other things I should be worrying about.
>>
>>Here's a list that I've thought out, but this is all really elementary stuff:
>>
>>Use cfqueryparam always
>>Use POST vs GET
>>Use SQL Server
>>Use SSL
>>Only allow retrieval of data via the web site, not send any info in emails
>>???