General discussion


Secure Formmail?

By ACSTech01 ·
Hi all,

I have a client who needs a secure donation script - basically,
formmail that is secure in all areas, or at least enough so that
credit card information transmitted through it is safe. It should
end up in an email box on their server.

I was thinking of just using an SSL-encrypted formmail script
and then having the client access the results through webmail
(also SSL-encrypted) but I'm not sure if the host allows secure
webmail. I have a support ticket out on this but I don't have a
response yet.

GnuPG is an option, but hopefully won't be necessary.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by steve In reply to Secure Formmail?

If you use formmail via SSL, that only secures the information from their browser to your server. The information is still sent via email in plain text. That is not secure. See a paper that I wrote in 1999 entitled, "Are Secure Internet Transactions Really Secure?" It can be found at

It it I explain the problem and mention two services (one of which is mine) that offer hosting of secure forms that encrypt the information submitted, store in in a location on the server that is not accessible directly from the web, and sends a notification email to the client. The client then logs into the management server (using a username and password protected by an SSL connection) to retrieve the data (still protected by SSL.

Collapse -

by ACSTech01 In reply to

Thanks for the good answer, but that doesn't help a lot. Or rather, it wouldn't.

What I ended up doing was having the email sent to a local address on the server
which can be accessed by SSL-enabled webmail. Therefore it never leaves the

Collapse -

by ACSTech01 In reply to Secure Formmail?

This question was closed by the author

Related Discussions

Related Forums