close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

ssl and email form?

Thread began 2/15/2011 9:22 am by michael419508 | Last modified 2/16/2011 2:03 pm by Jason Byrnes | 3154 views | 8 replies |

michael419508

ssl and email form?

I first want to apologize if this is the wrong area to make this post. My question is if I have SSL configured on my hosting plan. Then add all my files related to a form I have built into that folder and using https for any pages related to the form or links on the same page. Will the form data be encrypted when the person hits the submit button.

From everything Google it sounds like forms won’t be protected when submitted even if the pages are https. However I have also read that if the form action uses an https url then it does submit the data encrypted?

Could someone please advise and perhaps explain the action part of the form as currently it does redirect to a page that says thankyou.php, but the form action only shows this. (action="")

I hope this makes sense.

Also I am using Universal email 4 and dreamweaver cs5

Sign in to reply to this post

michael419508

Any Thoughts??

If you are not sure what I am asking then please let me know.

I did by the solution suite hoping to forge a long term relationship with Web Assist.

I have read many posts on this forum and have to say you guys do provide great service!
Michael

Sign in to reply to this post

Jason ByrnesWebAssist

this is a tricky one.

your basic question:

  Will the form data be encrypted when the person hits the submit button.  



misses the over all picture of what is happening when the submit button is pressed.


the answer to the basic question is Yes, the form data is passed to the server in a secure format.

However, that does not mean that the form data is sent to the user in a secure format in the email.


When the form is posted using a page that is hosted through SSL, the form data is sent to the server in a secured format. The server process the form data and compiles it into the email message.

once the email message is complied, it is sent to the SMTP server. this is where the security chain breaks, the connection to the SMTP server no longer uses SSL, so the email message is no longer secured.

Email is inherently an insecure form of communication.


The forms action tells the form where to send the form data when the submit button is pressed.

In most cases, leaving the form action blank is correct. but is some cases, you will want to submit the data to another page.

Sign in to reply to this post

michael419508

Pretty much what I thought!

Thanks very much for your reply Jason!
I was pretty sure this is what would happen. But my client was concerned and I needed at least some more clarification. I did suggest to them that is where it would break and the server would not be able to format the email and send it to them and the form submitter in a secure way.

I assume that if the info was dropped into a mysql database then it resolves the issue. However I am not sure how they would know the database was updated so they could view the data.

Any thoughts as to how that could work.
Thanks again for your expertise!

Sign in to reply to this post

Jason ByrnesWebAssist

What information are you trying to get to them?

I ask in case we are dealing with credit card information.

If we are dealing with Credit card details, those should be sent through an email, nor should they be stored in your database.

If we are not dealing with CC Info, then sure, it could be stored in the database, and you could have an email sent to alert them that a new record was inserted.

Sign in to reply to this post

michael419508

No credit info

There is no credit card info; however some of the info is personal. Once the data is dropped into the tables it would be nice if it could just send a generic email showing the database was updated when they submit the form. Then the customer could login to mysqldb too view the information sent. That way there is no personal info transferred thru email.

Sign in to reply to this post

Jason ByrnesWebAssist

yes, you can do that easily with data Assist and universal Email.


Use the data assist insert record behavior to insert the data to the database, dont set a redirect page.

then use Universal Email to send the generic email. If you dont chose the option to create a file for the email, you can click on the Dreamweaver Edit button to design the look of the message, and it wont include the form details.

Sign in to reply to this post

michael419508

Great idea

Thanks Jason,
Sounds like an option I will try.
Could you also cc the generic message as well? I assume you would have to grab the cc email from the form data as usual, which happens before the post. I ask because you mention if you are not using cc. Just wondering if there is a way of notifying the submitter the data went.

Thanks
Michael

Sign in to reply to this post

Jason ByrnesWebAssist

yes, you could cc the form submitter as well, my mention of cc data was in relation to Credit Card info. I was using cc as an abbreviation for credit card, not carbon copy.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...