Web Form Security/Vulnerabilities


Registered User
2 posts

I have a Convention Registration Form with PayPal which appears to be working well. Required data is emailed just as it is supposed to. But, this has brought up some very interesting questions about online security.

The Convention is for a 12-Step program called Al-Anon (similar to AA). Anonymity is very important to the participating members and their families.

I have been reading a good bit about the security vulnerabilities with FormMail...spammer attacks, mail intercept or redirect or other exploitation.

How secure is the info being collected and emailed (registration data and PayPal data)?

Larry D

Senior Advisor
10,951 posts

Hiya Larry,

Being a friend of Bill's I can say that while anonymity is definitely important, someone will need to be in charge of the information that gets emailed from the form. That information has to go somewhere and unfortunately since you're working with payments the information (full name, address etc.) will most likely be revealed to the person whose email is listed as the one to receive the form results. Most likely PayPal will send a notice to the person in charge of that PayPal account also. Security where PayPal is concerned is pretty much no worries; the form builder is basically a go-between for information and that's all done via email (or databases, MySQL, etc., depending on how you have it set up). Email security is, well, basic email security and would require the recipient of the form results to be using extra security if you feel it's needed as well as making sure the server has good security.

I personally don't think I'd worry too much about it leaking into the net. I don't think anyone pulling data from an email or from a website is going to be looking to plaster names of Al-Anon or AA members on a website; there's no real value in it for them. I'm pretty sure that it will be plenty secure as long as you're aware that at least 1 person will need to be able to see full information (except bank details as PayPal handles all that) of each person that sends any payments through it.

Ambassador
292 posts

Hi Larry,

As Jo Ann has pointed out, there are no concerns over the security of financial data as this is not revealed to anyone and is kept safely by PayPal and their robust system.

When it comes to the personal sensitivity aspect, you could consider the kind of e-mail services that legal people tend to use where your received e-mails are kept in the cloud and in a "vault" type secure hosting platform where you and only you can access them. This means that if your staff machines were ever hacked there is no way that e-mails can be harvested etc.

One good example is http://www.evizone.com/freeService.htm but there are many, some paid for and some free.

You can have your form output handled by these services and the transaction aspect is handled by PayPal.

Dave :)

Registered User
2 posts

Thanks Dave and Jo Ann (any friend of Bill is a friend of mine),

Your inputs give me confidence that this is the way to go.
Thanks again...Larry D

Senior Advisor
10,951 posts

You're quite welcome Larry and good luck with the site :)

Ambassador
292 posts

You're welcome Larry, enjoy yourself with the site development :)
