Securing form data???

bvrettski 13 Sep, 2007
My client would like to have an online form that gathers some sensitive data.

company info...size, products, gross/net sales, markets etc.

They want to assure their clients that this data is safe.

Are there any methods to collecting and storing this data that can keep it secured?

Once form data is emailed I'm pretty sure it's not secured...correct?

I'd like to use chronoforms for this but I need a method of keeping the data secured.

They do have ssl on their joomla site.

Thanks for help/advice.

Brett
Max_admin 14 Sep, 2007
Hi,

I believe you need to care about 2 steps:

#1- When data is posted to the server, you can secure this by making the form link start with https:// instead of index.php or http://; this will force a secure connection.

#2- Use a secure way to send emails, for example using SMTP.

Cheers

Max
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
bvrettski 14 Sep, 2007
I'm not sure how SMTP is implemented in Joomla or in league with ChronoForms.

This would ensure the form was only being sent to a verified email address and/or IP address and/or port, correct?

Does it help to have email encryption? I have heard some hosts provide that option. In my mind the emails...once delivered need to be secured as they sit there in the mail server too.

Appreciate the help and insights.

Brett
Max_admin 14 Sep, 2007
Hi Brett,

In the Joomla global config you can choose which way to send emails, SMTP or PHPmailer.

What I know is that SMTP is secure enough to deliver emails, and if there are any more security issues then this is host related and will be used over the SMTP, so neither Joomla nor ChronoForms controls this at all. To be clear, this is what happens when email is sent behind the scenes:

#1- ChronoForms calls the Joomla mailing function.
#2- Joomla sees which mailing method it's configured with and uses this one to send the email.
#3- Your host mail server does anything more, so you must check there.

If you would like to add any more info to this here please do, so everybody benefits from it 😉

Cheers

Max
bvrettski 14 Sep, 2007
In scouring the joomla forums I was able to find a rather lengthy list of people who are all after the same thing.

A number of people would like to see some sort of integration with PGP or another encryption solution. Something to encrypt the email even as it sits in the inbox and only decrypts it once it's opened to view.

Some links to related posts / topics

How do I send encrypted email?
http://ask-leo.com/how_do_i_send_encrypted_email.html

How to use pgp encryption with cgi forms
http://forum.joomla.org/index.php/topic,99991.0.html

Encypting
http://forum.joomla.org/index.php/topic,88207.0.html

Facile Forms and Encrypted Email
http://forum.joomla.org/index.php/topic,103973.0.html


mailto encryption mambot, good idea?
http://forum.joomla.org/index.php/topic,42523.0.html
Max_admin 14 Sep, 2007
Hi,

From the Facile Forms post: if this code works (I can't test this now and it will need some server config), then you can get it to work by hacking the file chronocontact.php

Find the line that has "mosmail("

Now replace it with this code:

//Tell gnupg where the key ring is. Home dir of user web server is running as.
// change this to the correct path of your webspace /kunden/homepages/41/dxxxxxx/htdocs/.gnupg
putenv("GNUPGHOME=/username/home/.gnupg");

//create a unique file name
$infile = tempnam("/tmp", "PGP.asc");
$outfile = $infile.".asc";

//write form variables to email
//note: the unencrypted form data sits in this temp file until it is deleted below
$fp = fopen($infile, "w");
fwrite($fp, $body);
fclose($fp);

//set up the gnupg command. Note: Remember to put E-mail address on the gpg keyring.
//escapeshellarg() stops the recipient and file names from being interpreted by the shell
$command = "/usr/bin/gpg -a --always-trust --batch --no-secmem-warning -e -r ".escapeshellarg($pgpuser)." -o ".escapeshellarg($outfile)." ".escapeshellarg($infile);

//execute the gnupg command
system($command, $result);

//delete the unencrypted temp file
unlink($infile);

if ($result==0) {
   $fp = fopen($outfile, "r");
   if(!$fp||filesize ($outfile)==0) {
     $result = -1;
   }
   else {
     //read the encrypted file
     $contents = fread ($fp, filesize ($outfile));
     fclose($fp);
     //delete the encrypted file
     unlink($outfile);
     //send the email
     mail ($testemail, $emailsubject, $contents, $emailfrom);

     print "<html>Thank you!! Your encrypted E-Mail has been sent. </html> ";
   }
}
if($result!=0) {
   print "<html>There was a problem processing the information.</html>";
}


But take care to change the email variables to those of ChronoForms, and also replace the line " mail ($testemail, $emailsubject, $contents, $emailfrom);" in the code above with the mosMail one in ChronoForms.

Cheers

Max
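The gpg step from the post above, as an added example that is not part of the original thread or of ChronoForms: the form body is piped to gpg instead of being written to /tmp, and nothing is sent unless gpg succeeds. The function name `gpg_encrypt`, the gpg path, the sample values and the use of PHP 7.4+ (array form of `proc_open`) are assumptions.

```php
<?php
// Added example, not ChronoForms code. Assumes PHP 7.4+ (array form of
// proc_open, which starts gpg without a shell) and gpg at /usr/bin/gpg.

/**
 * Encrypt $plaintext to $recipient and return the ASCII-armored message.
 * The plaintext travels over a pipe, so no unencrypted copy lands on disk.
 */
function gpg_encrypt(string $plaintext, string $recipient, string $gnupgHome): string
{
    // The recipient should be a fixed site setting, never a form field.
    if (!filter_var($recipient, FILTER_VALIDATE_EMAIL)) {
        throw new InvalidArgumentException('recipient must be an e-mail address');
    }
    $cmd = ['/usr/bin/gpg', '--homedir', $gnupgHome, '--batch', '--no-tty',
            '--armor', '--trust-model', 'always', '--encrypt',
            '--recipient', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Form submissions are small, so a single write/read pass is enough here.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);                 // EOF marks the end of the message
    $armored = stream_get_contents($pipes[1]);
    $errors  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    // Fail closed: never fall back to sending the plaintext.
    if ($status !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $armored;
}

// Constructed sample values; the key for the recipient must be on the keyring.
try {
    $contents = gpg_encrypt("Company: Example Ltd\nGross sales: 123\n",
                            'recipient@example.com', '/username/home/.gnupg');
    // Pass $contents as the message body to the existing mail call.
    print "<html>Thank you!! Your encrypted E-Mail has been sent. </html>";
} catch (Exception $e) {
    error_log($e->getMessage());       // details go to the log, not the visitor
    print "<html>There was a problem processing the information.</html>";
}
```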
bvrettski 15 Sep, 2007
Wow...yes I saw that and it all goes right over my head.

When it comes to coding I'm a hack at best. I can tinker a little but I have no idea what most of that code is designed to do and what other scripts might be necessary to make this work.

Thanks for the help though.

Now I just need someone who understands coding and wants to try this with me.

Brett
Max_admin 15 Sep, 2007
Hi Brett,

I wish you can find someone soon and get it to work. I am sorry I can't be more help because we are working hard here nowadays to get the stable version of ChronoForms v2.3 and a J1.5 version.

Best regards,

Max
This topic is locked and no more replies can be posted.
