Secure e-mail needed?

jasonmartin

I have a form on a secure area of my server (SSL) that sends an e-mail when it is submitted.

Question: Since the e-mail is being sent to an account on that same server do I need to worry about encrypting it so others can't see the personal details of the user?

Thanks,

Jason Martin

robertjackson

Yes. You do need to encrypt the e-mail prior to it leaving the secure server, regardless of whether the secure server and the mail server are on the same machine. Ultimately, the e-mail is going to be sent over the internet to the client computer.

Do a search of phpbuilder for PGP and you'll find several articles describing how to do PGP (and GPG) encryption using PHP. Also look at www.thickbook.com and find Julie Meloni's encryption tutorial.

You will then need PGP (or GPG) software on the client computer to decrypt the e-mail. You can get that from www.pgpi.com (for non-commercial use) or buy it from www.pgp.com or www.macafee.com (for commercial use).

Rob

jasonmartin

Thanks for the tip.

One more question:

If I submit the form to the database & recall the information in another page in the secure area, do I have to worry about encrypting any of the data?

Thanks,

Jason Martin

robertjackson

Hi Jason,

My guess is that encryption of data for the transfer between the database server and the web server (or the other way) may or may not be required depending upon whether the database is local or remote.

If the database server is on the localhost, then encryption is probably not required. If the db server and webserver are on the same intranet, encryption may be required. If the db server and the web server are in different facilites, then you should encrypt.

If you have mcrypt installed with PHP, then 2-way encryption is pretty straight-forward. Similarly for PGP/GPG. You might as well encrypt the info before it leaves the secure server.

Doing the encryption in PHP will also mean the your data is stored encrypted (which is probably a good thing is you're concerned about the information).

Rob