Hi all.
I have used Form Builder for various pages on my site and wondered if there was any real need to use an SSL certificate? None of them pass anything too sensitive but some do pass contact details (name, address, telephone number, etc).
Thanks,
Dave
SSL required for Form Builder?
Re: SSL required for Form Builder?
I'm a novice myself, but surely the 'if' statement, which is in the template, can be extended to do an 'else' with a 'non-ssl' UDT, it should switch back; something like:
UDT {nonSSL}=
so the whole thing in the template would be:
{if $page_alias == "page-with-form"}{ssl}{else}{nonSSL}{/if}
Or is that just too simple?
UDT {nonSSL}=
Code: Select all
if ($_SERVER['SERVER_PORT']=443)
{
$url = "http://". $_SERVER['SERVER_NAME'] . ":80".$_SERVER['REQUEST_URI'];
header("Location: $url");
}
{if $page_alias == "page-with-form"}{ssl}{else}{nonSSL}{/if}
Or is that just too simple?
Re: SSL required for Form Builder?
Dave's original question seems to have gotten lost. He asked "if there was any need" rather than "how do I". This is my personal opinion, and I would appreciate other's input. Since this is not really a CMSMS issue, I am not sure this is the correct forum, but here goes:
I have never used SSL for ordinary contact forms containing name, phone number, address, or email, unless the very fact of submitting the form implies something sensitive. For example, if a browser submits the above info to a candle store to receive a catalog, I do not use SSL. I think that is generally accepted, but I would like to know other people's thoughts.
However if the same personal information is sent from an identical contact form to a psychiatrist's office, then I think the very fact that the inquiry was made is sensitive and yes I would use SSL. This applies to all other HIPAA http://www.hhs.gov/ocr/privacy/ information.
Then I see gray areas: What if the info is not sent to a candle maker but is instead sent to a Pagan or Wiccan store? What if the info is for sex toys? I don't know of any industry standard guidelines.
Remember this is my personal opinion, and I assume no liability if others follow it. YMMV.
Steve
I have never used SSL for ordinary contact forms containing name, phone number, address, or email, unless the very fact of submitting the form implies something sensitive. For example, if a browser submits the above info to a candle store to receive a catalog, I do not use SSL. I think that is generally accepted, but I would like to know other people's thoughts.
However if the same personal information is sent from an identical contact form to a psychiatrist's office, then I think the very fact that the inquiry was made is sensitive and yes I would use SSL. This applies to all other HIPAA http://www.hhs.gov/ocr/privacy/ information.
Then I see gray areas: What if the info is not sent to a candle maker but is instead sent to a Pagan or Wiccan store? What if the info is for sex toys? I don't know of any industry standard guidelines.
Remember this is my personal opinion, and I assume no liability if others follow it. YMMV.
Steve
Re: SSL required for Form Builder?
Steve
You may well be right (that the question originally posed by Dave may not belong in this forum), but the discussion on 'how' is still apposite, given that it does belong in the forum as a CMSms/php issue (although it might not belong to the original question)!
I think the answer to the original question has to be: do what you feel is necessary to provide the level of security for the information that is being exchanged in the context in which it is being exchanged. Consider always the consequences of the information not reaching the intended recipient or reaching an unintended recipient; if the consequences would be dire, then use SSL
I would appreciate any comments on the viability of the suggestion made in my earlier post.
Jan
You may well be right (that the question originally posed by Dave may not belong in this forum), but the discussion on 'how' is still apposite, given that it does belong in the forum as a CMSms/php issue (although it might not belong to the original question)!
I think the answer to the original question has to be: do what you feel is necessary to provide the level of security for the information that is being exchanged in the context in which it is being exchanged. Consider always the consequences of the information not reaching the intended recipient or reaching an unintended recipient; if the consequences would be dire, then use SSL
I would appreciate any comments on the viability of the suggestion made in my earlier post.
Jan
