SSL for some forms from formbuilder
SSL for some forms from formbuilder
Is there a way to past certain forms built from formbuilder to a SSL secure https page where credit card # will be emailed?
Re: SSL for some forms from formbuilder
The reason nobody has replied to this topic is because it is not really a CMSMS issue, but instead is an issue of good web design and security practices. But I think a brief reply may help others from making the same mistake. First, never email credit card numbers! Never. Ever.
Even if you use SSL to take the data from the browser to your CMS on your server, (yes that is the right way to do it), email itself is not secure. What you have done is equivalent to hiring an armored truck with armed guards to take the money from the browser to the server, and then taking the result (think of two big bags labeled "Money" in large letters) and just walking them yourself, with no protection, from the server, through unknown neighborhoods, to the client. You might not have had trouble while the money was in an armored car, but you are totally negligent during the second part - the transfer from your server to the client's inbox, even if nothing bad happens.
In order to do anything with credit cards, the client must have a "merchant account" with a bank. The right way to handle this is to use the "payment gateway" which the bank will provide to your client. Or you can use a shopping cart or third-party payment system like PayPal or Google to handle the transaction.
Sending credit card info by email is inviting a lawsuit. SSL only protects you halfway - from the browser to the server.
Steve
Even if you use SSL to take the data from the browser to your CMS on your server, (yes that is the right way to do it), email itself is not secure. What you have done is equivalent to hiring an armored truck with armed guards to take the money from the browser to the server, and then taking the result (think of two big bags labeled "Money" in large letters) and just walking them yourself, with no protection, from the server, through unknown neighborhoods, to the client. You might not have had trouble while the money was in an armored car, but you are totally negligent during the second part - the transfer from your server to the client's inbox, even if nothing bad happens.
In order to do anything with credit cards, the client must have a "merchant account" with a bank. The right way to handle this is to use the "payment gateway" which the bank will provide to your client. Or you can use a shopping cart or third-party payment system like PayPal or Google to handle the transaction.
Sending credit card info by email is inviting a lawsuit. SSL only protects you halfway - from the browser to the server.
Steve
