peterfs — 2011-08-30T03:48:08-04:00 — #1
I need some advice regarding website security.
I have a website application where a user enters their details in a form, the data is then transmitted to a third party website using a POST request and SSL for encryption. The website runs over HTTPS.
The third party website needs to be able to see the data.
Is there anything else I can do to secure the data that's being transmitted?
Please let me know if you need any more specific details.
scallioxtx — 2011-08-30T04:22:06-04:00 — #2
HTTPS is already pretty secure, but if you want to make it a bit more secure you could use hashing with a secret key only you and the receiver know.
For example, when you send the data
The receiver can also calculate the hash from the data and $mySecret (which they have to know of course) and check if it's the same as the hash you sent with the data; if not, someone tampered with the data. Of course this relies on the fact that hackers don't know $mySecret and are therefore not able to create a hash of their own.
peterfs — 2011-08-30T07:08:16-04:00 — #3
Hashing looks interesting, I'll look in to that. Thanks for your response.