forms security

[Pat]

What is the best way to ensure security with FP online forms?
How should permissions be set on the html file for the
online form and also on the files the forms write to?

Thanks
Pat

 

[MD Websunlimited]

Hi Pat,

Define the security that you're looking for?

Forms normally do not have any security as you want all visitors to complete them. Where the data of the forms is persisted is
normally protected with file permissions and with the best being when the files exist outside of the web tree.


--
Mike -- FrontPage MVP '97-'02
http://www.websunlimited.com
Create fast, better scaling link bars with CSS Menu Maker
http://www.websunlimited.com/order/Product/CssMenu/css_menu.htm
FrontPage Add-ins Since '97 2003 / 2002 / 2000 Compatible

 

[Pat]

Right - I want everyone to be able to complete the forms
but the data file needs to be secure if it includes ID
numbers or financial info. How should permissions on that
file be set so the form can write to the file but only
selected users can access the data?

Thanks
Pat

-----Original Message-----
Hi Pat,

Define the security that you're looking for?

Forms normally do not have any security as you want all

visitors to complete them. Where the data of the forms is
persisted is

normally protected with file permissions and with the best

being when the files exist outside of the web tree.

 

[Steve Easton]

Have the form save the data to a file located in the _private folder.


--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed..................
...............................with a computer

 

[Kevin Spencer]

Well, Pat, you've got more problems than you were aware of. The problem is
not only whether users can see the data in the file you are writing it to;
it's a matter of reading the data as it is passed from the browser to the
server. This can be done using a piece of software called a "packet
sniffer" - it intercepts TCP/IP packets enroute. This is why there is SSL
(Secure Sockets Layer). SSL encrypts data going to and from the browser. You
should ask your hosting company if your web site can support SSL, and
whether or not they can supply you with a Secure Certificate.

--
HTH,
Kevin Spencer
..Net Developer
Microsoft MVP
Big things are made up
of lots of little things.

 

[Pat]

Thanks Mike, Kevin, Steve

Maybe I'm worrying too much - we do have SSL on the server
and yes I'm saving the data in the _private folder. Is this
enough?

Pat

 

[MD Websunlimited]

I've seen a lot of WPP that have the _private unprotected. Do a test to make sure you can not retrieve the file.

 

[John S]

Can you write the data to a file in the _private folder, and also send an e-mail message to the webmaster saying that there is new information in the file? Otherwise, it'll be a pain having to check all the time.

Can FP do two things at once on a given form?

 

[Stefan B Rusynko]

You can send the same form information to both an email address and a file in the _private folder




| Can you write the data to a file in the _private folder, and also send an e-mail message to the webmaster saying that there is new
information in the file? Otherwise, it'll be a pain having to check all the time.
|
| Can FP do two things at once on a given form?