Does Dreamweaver protect Post data (email addresses) when sending forms?

Report · Jul 11, 2009

I'd like to know how to prevent lurkers from being able to intercept email addresses from the Registration forms (POST) as they are submitted from my site. I'm not worried about harvesting my address on my site, I think that problem is covered. But I am concerned that those who register on my site are not giving up their information. How do I prevent that?

Report · Jul 11, 2009

Dreamweaver does not and can not protect data from eavesdroppers. You need to use HTTPS if you are concerned about this.

Report · Jul 11, 2009

Thank you.

Report · Jul 11, 2009

Let me ask this then: Should I be concerned with this or am I wasting time.

Nothing here is financial or anything.

Report · Jul 12, 2009

Only you can be the judge of whether you should be concerned. If the information is something that you would happily send by email, there's nothing to worry about. If the information is more sensitive, you should store the information directly into a database, and then retrieve it directly from the database.

Report · Jul 12, 2009

Thanks David. My initial concern is that spammers who filter the internet

looking for email addresses that are sent in form submissions would have a

field day with collecting addresses. I'm looking through your books at this

moment actually looking for ways to prevent them from harvesting that POST

data as it goes by. The rest of it really isn't sensitive but the email

addresses do concern me. Can you point me to a chapter with the most

relevant info?

Brian

Report · Jul 12, 2009

I don't go into that depth of detail about security in my books. I think that, in this case, you are worrying needlessly.

Report · Jul 12, 2009

Thanks again David. That is pretty much what I was hoping to hear.

Report · Jul 12, 2009

I agree with David. I'm no security expert, but it seems to me that eavesdropping techniques are much too much effort for thieves to use to capture email addresses. There are too many simpler ways to harvest them. Eavesdropping is usually used to steal more personal info like login credentials, credit card info, and more personal data. I wouldn't worry about it. Account creation forms and login forms may be a different story.

Report · Jul 12, 2009

Thanks bregent,

I pretty much always do what David tells me to do and it always works out,

so...

These are, in fact registration forms so students and teachers can set up

their accounts on the website. But it is only later that they begin to input

data about themselves. At that point I'm using a recordset to grab their id

number and removing all other personal stuff from the forms, then logging

them out of the Session var and tracking them with cookies as per what I've

picked out of Snyder and Southwell's book on php security.

We're expecting a pretty good following and I just don't want to let anyone

down by stupidly ignoring any 'obvious' security holes. But even then it

really only amounts to some 'creative writing' and their personal intersts.

I'll keep this email so, if it turns out badly, I'll blame you and David.

Brian

Does Dreamweaver protect Post data (email addresses) when sending forms?

1 Correct answer