Registration Forms on frontier

A place to ask questions and get help. Be the first on your block to post ...

Registration Forms on frontier

Postby beck » Thu Aug 16, 2007 5:19 pm

I found an old post describing how to make a form on a site hosted by frontier which sends the completed info to an email. This is actually exactly what the powers that be wanted for this registration, and the testing so far has worked perfectly. However, I'm unsure if any security issues have been resolved for this method yet, or if security is even a possibility (submiting via email and such). I'm doubting this method is secure enough to allow use of NU ID's - or is it? and/or are NU ID's a "security" issue that would require the use of a secure server? Basically these are my first steps into the security waters of the internet, and UNL's policies with NU ID's, names, emails, etc. and would appreciate any suggestions on what not to ask for in this form or pointing me in the direction of how to set up this registration on a secure server.

The testing page for the form is http://stuafs.unl.edu/empower/register_test.shtml

Thanks.
beck
 
Posts: 41
Joined: Thu Oct 06, 2005 11:02 am
Location: VCSA

Postby saltybeagle » Fri Aug 17, 2007 9:13 am

Security is still a concern with frontier --- from the client's perspective. SFTP is now required for content providers to connect to the server, but clients still cannot securely communicate with the web server. I still wouldn't use the formmail/formparse script for collecting any secure data since there is no SSL and the information is sent through email.

I'm not sure if the nuid itself should be securely handled, or nuid in combination with what other personal information. You might contact Zac Reimer w/ IS if you have some security questions wrt to what data might be too sensitive to send to a web page insecurely.

At the moment, the alternatives are to set up your own server with an SSL certificate, or contract a department that has a ssl certificate and contract some sort of hosting with them.

But, then again there are several web services around campus, IS supported and others which do not handle data securely. I'm have some hope that this latest proposal (if implemented) could solve a lot of our problems - http://docs.google.com/Doc?id=dgtbrg66_31hkzk33
Brett Bieber
Image
saltybeagle
 
Posts: 376
Joined: Fri Jan 16, 2004 3:10 pm
Location: 321 Admin


Return to Help & Assistance

Who is online

Users browsing this forum: No registered users and 1 guest

cron