> Question about collecting sensitive data.

Any answer you're likely to get here will be incomplete - including
mine. You may have specific statutes with which you must comply, also.

> We have a form set up with an ssl cert
> On the form there is a tax id number / social security box
> The data gets posted to a mysql database
> a) do you recommend adding additional encryption to the data when we put it
> into the database

A yes or no answer here isn't really that useful. What is the threat
profile for the data? Where would you store encryption keys? Any time
you start talking about encryption, that should really be the first
question you address - where do the keys go?

As a short answer, if you encrypt the data from your CF application,
and the same CF application has the ability to decrypt the data, then
if your CF application is compromised - which is the most likely
outcome from an external attack - the encryption won't really provide
much value.

Ideally, your public-facing application would have the ability to
encrypt data, but not decrypt it. You might have an internal,
private-facing application on a separate server that can decrypt the
data, but not encrypt it.

> b) there is an auto email sent to the client's backoffice where the data is
> received - what is a good practice for handling the sensitive data on the
> email?

One option is to exclude the sensitive information from the email. The
email could simply contain a link to a page that requires
authentication to view the sensitive data. Alternatively, there are
mechanisms for encrypting email, although I don't know offhand how
well they play with CF.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.
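The split described in the reply above (a public-facing tier that can encrypt but not decrypt, and a separate internal tier holding the only key that can decrypt, plus a notification email that carries a reference instead of the data) can be built with an asymmetric key pair. The following Go program is an added example written for this page, not code from the original post, from ColdFusion, or from Fig Leaf Software. It stands in an in-memory map for the MySQL table, assumes a nine-digit tax ID format, uses RSA-OAEP from the Go standard library, and the back-office hostname in the email is a placeholder. In a real deployment the private key would live only on the internal server (ideally in a KMS or HSM), never on the web host.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// oaepLabel binds ciphertexts to this field; it must be identical on both tiers.
var oaepLabel = []byte("taxid-v1")

// nineDigits is an assumed input rule: an SSN/EIN is nine digits once dashes are removed.
var nineDigits = regexp.MustCompile(`^[0-9]{9}$`)

// Record is the row the web tier writes: the tax ID exists only as ciphertext
// that the web tier holds no key to open.
type Record struct {
	ID         int
	Name       string
	Ciphertext []byte
}

// Database stands in for the shared MySQL table (constructed, in-memory).
type Database struct {
	rows map[int]Record
	next int
}

// WebTier is the public-facing application. It is handed only the public key.
type WebTier struct {
	pub *rsa.PublicKey
	db  *Database
}

// BackOffice is the internal application. It alone holds the private key.
type BackOffice struct {
	priv *rsa.PrivateKey
	db   *Database
}

// NewDeployment generates the key pair and gives each tier only the half it needs.
func NewDeployment(bits int) (*WebTier, *BackOffice, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	db := &Database{rows: map[int]Record{}}
	return &WebTier{pub: &priv.PublicKey, db: db}, &BackOffice{priv: priv, db: db}, nil
}

// Submit validates the form field, encrypts it with RSA-OAEP under the public
// key and stores only the ciphertext. It returns the new record ID.
func (w *WebTier) Submit(name, taxID string) (int, error) {
	clean := strings.ReplaceAll(taxID, "-", "")
	if !nineDigits.MatchString(clean) {
		return 0, errors.New("tax id must be nine digits")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, w.pub, []byte(clean), oaepLabel)
	if err != nil {
		return 0, err
	}
	w.db.next++
	w.db.rows[w.db.next] = Record{ID: w.db.next, Name: name, Ciphertext: ct}
	return w.db.next, nil
}

// NotificationEmail is the automatic mail to the back office. It carries the
// record number and a link to an authenticated page, never the tax ID itself.
// The hostname is a placeholder.
func (w *WebTier) NotificationEmail(id int) string {
	return fmt.Sprintf("New submission #%d received. Log in to review: https://backoffice.example.internal/records/%d", id, id)
}

// Reveal decrypts one record with the private key. Only the internal tier can do this;
// a compromised web tier has no way to call it.
func (b *BackOffice) Reveal(id int) (string, error) {
	rec, ok := b.db.rows[id]
	if !ok {
		return "", errors.New("no such record")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, b.priv, rec.Ciphertext, oaepLabel)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	web, office, err := NewDeployment(2048)
	if err != nil {
		panic(err)
	}
	id, err := web.Submit("Example Client", "123-45-6789") // constructed sample input
	if err != nil {
		panic(err)
	}
	fmt.Println(web.NotificationEmail(id))
	taxID, err := office.Reveal(id)
	if err != nil {
		panic(err)
	}
	fmt.Println("back office decrypted:", taxID)
}
```

With the public key alone the web tier can still reject malformed input and encrypt a fresh submission, but every record it writes is opaque to it; the OAEP label has to match on both sides or decryption fails, which is a cheap way to keep ciphertexts from being replayed into a different field.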

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:335889