Secure web form

Hi,

I have a form at this website:

http://www.oaknoll.com/hawkeye.asp

A client has asked if this form is secure, since it asks for birthdate etc. I have a captcha on the page, but I don’t really work with forms much and I assume this is a secure form, but can anyone tell me if it is secure enough?

Thanks,
Sarb

Do you have proper validation being applied to all the fields in the form before anything else is done with what has been entered? Most security issues arise because the form fields are not validated properly before they are used.

Since you request personal data about your visitors, a link to your privacy policy (with decent content) can work great in reassuring suspicious visitors that their data is safe and won’t be disclosed to any third party. Try to include such a link and see what happens.

Also, best practices recommend that you don’t make sensitive information required. Fields such as Phone and Birth date are better left without the asterisk.

You have to make sure the form fields are protected… finding the security certificate is one step… also, if you use, say, Chrome to view it, you can verify the SSL security on the highlighted green area of the URL… it should then give you additional info on the security and then you would be able to verify the form fields being protected. I have seen sites that use a frame that is not protected for their form fields even though the page itself loads up as secure. NOT SO in some cases. Good luck!

The form is only “secure” if you have a valid SSL certificate installed on the server and you view the page where the form is at via https://…
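
An added example, not part of any post in this thread: a small offline check for the two points raised above, that the page itself is served over https and that no form action or frame on it falls back to plain http. The host `forms.example`, the sample markup and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: an HTTPS page whose frame and second form use plain HTTP.
SAMPLE_URL = "https://forms.example/contact.asp"
SAMPLE_HTML = """
<form action="submit.asp" method="post"><input name="birthdate"></form>
<iframe src="http://forms.example/fields.asp"></iframe>
<form action="http://forms.example/post.asp" method="post"><input name="phone"></form>
"""


class TransportAudit(HTMLParser):
    """Collect every URL that form data is sent to or a frame is loaded from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.targets = []  # list of (kind, absolute_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page URL itself.
            action = a.get("action") or ""
            self.targets.append(("form action", urljoin(self.page_url, action)))
        elif tag in ("iframe", "frame") and a.get("src"):
            # Relative and protocol-relative URLs inherit the page's scheme.
            self.targets.append((tag + " src", urljoin(self.page_url, a["src"])))


def insecure_targets(page_url, html):
    """Return (kind, url) for the page, form actions and frames not on HTTPS."""
    audit = TransportAudit(page_url)
    audit.feed(html)
    findings = []
    if urlparse(page_url).scheme != "https":
        findings.append(("page", page_url))
    findings += [(k, u) for k, u in audit.targets if urlparse(u).scheme != "https"]
    return findings


if __name__ == "__main__":
    for kind, url in insecure_targets(SAMPLE_URL, SAMPLE_HTML):
        print(f"not HTTPS: {kind} -> {url}")
```

This only inspects URL schemes in the markup; whether the certificate itself is valid still has to be checked in the browser or against the live server.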

You have to update the code for the Google captcha plugin.

http://code.google.com/p/ogawa/wiki/Captcha_Plugin