Forms,secure webspaceand emailing results

[Edwin Hannan]

Hi All

I use FP2k and 2003

I need to move an application form to a secure web folder - what happens
with emailing the results?

Are they still emauiled? (as non secure)

How does all this work, please advise

cheers

Ed

 

[Ronx]

Any email is insecure unless it is encrypted with something like PGP
(which costs $$$).
Otherwise the form results should ideally be stored in a database
located outside the web.
If by secure you mean the form data is encrypted when travelling from
client browser to the server, you will need a SSL certificate
installed on your site, and the form will be accessed using
https://example.com/folder/form.htm. If the form is to be processed
using the extensions this will also require the FP extensions be
installed on port 443 as well as the normal port 80. If asp (or
another server side technology) is used port 443 extensions will not
be necessary.

If by secure folder you mean the user has to logon to access the form,
the data will not be secure while travelling between client and
browser.

 

[Edwin Hannan]

Ron

The scenario I envisage is that the applicant will access the application
form via a link to https://example.com/folder/form.htm.

I am looking into shared ssl with my frontpage host.

So if the applicant duly completes my secure application form and submits it
(and as you suggest' the form results are stored in a database located
outside the web') then:-

1) what do you exactly mean by 'stored in a database located outside the
web'?
1a) is this still a folder in my web space say _private? or _db?

2) how do I get the form results from this database?
3) can I still get an email alertting me that a potential client has filled
in an app?

How do other frontpage users do it?
what is the most simplest method?

This is a little confusing, sorry that I do not quite undertand this
process

Thanks

Ed

 

[Ronx]

Inline

Ron

The scenario I envisage is that the applicant will access the
application
form via a link to https://example.com/folder/form.htm.

I am looking into shared ssl with my frontpage host.

Some shared SSL scenarios require the forms etc. are accessed by a
completely different URL to your own site's.

So if the applicant duly completes my secure application form and
submits it
(and as you suggest' the form results are stored in a database
located
outside the web') then:-

1) what do you exactly mean by 'stored in a database located
outside the
web'?
1a) is this still a folder in my web space say _private? or _db?

No, this is a folder *outside* the webspace - some hosts offer this,
others do not..
FrontPage will place an Access database in the _fpdb folder inside
your webspace, with permissions set on the folder that should prevent
the database being viewed or downloaded by unauthorised users, but
locating outside the web is more secure.

Or you could use SQL Server or mySQL, which are located outside the
web, possibly on a different server.

2) how do I get the form results from this database?

2 ways:
1) A set of pages that allow you to interogate the database, and edit
it as required. These should be password protected to only allow
authorised users access.

2) Download the database with FTP and edit on your desktop. You would
probably need to stop the web application (place a page on the web
saying "come back whenever") while this is done. (Not with SQL
Server or mySQL).

3) can I still get an email alertting me that a potential client has
filled
in an app?

Yes. Code it in the formhandler. This is not a standard FP feature.

How do other frontpage users do it?
what is the most simplest method?

The simplest method is to let FrontPage wizards do the work, but this
disallows the email notification. If you are collecting credit card
information the banks are likely to disapprove unless an external
database is used (located outside the web), and there may well be
other considerations as well. Using a shared SSL, you may not be able
to use the wizards - I have never tried this.

If the information is as sensitive as Credit Card details, then you
may need a programmer to build the application for you.

 

[Edwin Hannan]

Ron

Thanks for your time on this matter

you have clarified this subject for me

cheers

Ed